Every CVE whose affected-product data names Moinmo Moinmoin, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (26)
CVE-2020-25074 — CVSS 9.8 (critical): The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who…
CVE-2020-15275 — CVSS 8.7 (high): MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains…
CVE-2010-0669 — CVSS 7.5 (high): MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.
CVE-2009-4762 — CVSS 7.5 (high): MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of…
CVE-2010-0717 — CVSS 7.5 (high): The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has…
CVE-2008-6603 — CVSS 6.8 (medium): MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to…
CVE-2010-0668 — CVSS 6.8 (medium): Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack…
CVE-2012-6080 — CVSS 6.4 (medium): Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3…
CVE-2016-7146 — CVSS 6.1 (medium): MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach…
CVE-2017-5934 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject…
CVE-2016-9119 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject…
CVE-2016-7148 — CVSS 6.1 (medium): MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross…
CVE-2012-6495 — CVSS 6.0 (medium): Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions…
CVE-2012-6081 — CVSS 6.0 (medium): Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py)…
CVE-2012-4404 — CVSS 6.0 (medium): security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All,"…
CVE-2008-6548 — CVSS 5.0 (medium): The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read…
CVE-2008-6549 — CVSS 5.0 (medium): The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are…
CVE-2010-0667 — CVSS 5.0 (medium): MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE…
CVE-2010-1238 — CVSS 5.0 (medium): MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer…
CVE-2010-2969 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject…
CVE-2010-2487 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote…
CVE-2009-1482 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject…
CVE-2010-2970 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or…
CVE-2012-6082 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject…
CVE-2010-0828 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote…
CVE-2011-1058 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils…