Skip to main content

Moinmoin

10 CVEs product

Monthly

CVE-2020-15275 PyPI MEDIUM POC PATCH This Month

MoinMoin is a wiki engine. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Moinmoin
NVD GitHub
CVSS 3.1
5.4
EPSS
1.7%
CVE-2020-25074 PyPI CRITICAL PATCH Act Now

The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Moinmoin Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
6.1%
CVE-2016-9119 PyPI MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Moinmoin Ubuntu Linux Debian Linux
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2016-7148 PyPI MEDIUM POC PATCH This Month

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Moinmoin
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-7146 PyPI MEDIUM POC PATCH This Month

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Moinmoin
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2012-6495 PyPI MEDIUM POC PATCH This Month

Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

Path Traversal RCE Moinmoin
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
9.9%
CVE-2012-6082 PyPI MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Moinmoin
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6081 PyPI MEDIUM POC PATCH THREAT This Month

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 73.6%.

File Upload RCE Moinmoin
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
73.6%
Threat
4.9
CVE-2012-6080 PyPI MEDIUM PATCH This Month

Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Moinmoin
NVD
CVSS 2.0
6.4
EPSS
1.5%
CVE-2012-4404 PyPI MEDIUM PATCH This Month

security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Privilege Escalation Moinmoin
NVD
CVSS 2.0
6.0
EPSS
1.0%
EPSS 2% CVSS 5.4
MEDIUM POC PATCH This Month

MoinMoin is a wiki engine. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Moinmoin
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Moinmoin +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Moinmoin Ubuntu Linux +1
NVD
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Moinmoin
NVD
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Moinmoin
NVD
EPSS 10% CVSS 6.0
MEDIUM POC PATCH This Month

Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

Path Traversal RCE Moinmoin
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Moinmoin
NVD
EPSS 74% 4.9 CVSS 6.0
MEDIUM POC PATCH THREAT This Month

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 73.6%.

File Upload RCE Moinmoin
NVD Exploit-DB
EPSS 2% CVSS 6.4
MEDIUM PATCH This Month

Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Moinmoin
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Privilege Escalation Moinmoin
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy