Filtered by vendor Moinmo Subscriptions
Filtered by product Moinmoin Subscriptions

Search

Switch to Advanced Search (Beta)
Total 26 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2010-0717 1 Moinmo 1 Moinmoin 2025-04-11 N/A
The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.
CVE-2010-0669 1 Moinmo 1 Moinmoin 2025-04-11 N/A
MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.
CVE-2010-0828 1 Moinmo 1 Moinmoin 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.
CVE-2020-25074 2 Debian, Moinmo 2 Debian Linux, Moinmoin 2024-11-21 9.8 Critical
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.
CVE-2020-15275 1 Moinmo 1 Moinmoin 2024-11-21 8.7 High
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.
CVE-2017-5934 4 Canonical, Debian, Moinmo and 1 more 4 Ubuntu Linux, Debian Linux, Moinmoin and 1 more 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.