Vulnerabilities related to moinmo - moinmoin
Vulnerability from fkie_nvd
Published
2010-03-29 20:30
Modified
2024-11-21 01:10
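Severity
7.5 (High) - CVSS v2.0 (nvd@nist.gov, Primary): AV:N/AC:L/Au:N/C:P/I:P/A:P; the record below carries no CVSS v3 metric.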
Summary
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2863EC4-FAD5-4456-983F-F3676E887CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "20921AD9-B2A9-417F-B83D-6013CD9F662E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB78616E-55AB-4C8A-874B-7DCF6E755E52", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "2584941F-5FE8-4636-B878-50CC5D4CC258", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D06004B5-966B-48F5-87B4-7005DBC86D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C2C741A-220A-454C-8D21-6459DB2D67E8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603." }, { "lang": "es", "value": "MoinMoin v1.7.x anteriores a la v1.7.3 y v1.8.x anteriores a la v1.8.3 chequea ACLs (listas de control de acceso) del elemento padre en algunas circunstacias inapropiadas durante el procesado de ACLs jer\u00e1rquicas, lo que permite a atacantes remotos evitar las restricciones de acceso previstas al solicitar un objeto. Es una vulnerabilidad distanta a la CVE-2008-6603." 
} ], "id": "CVE-2009-4762", "lastModified": "2024-11-21T01:10:23.607", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-03-29T20:30:00.467", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/39887" }, { "source": "cve@mitre.org", "url": "http://ubuntu.com/usn/usn-941-1" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-2014" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35277" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0600" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/1208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://secunia.com/advisories/39887" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ubuntu.com/usn/usn-941-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35277" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1208" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-11-11 16:15
Modified
2024-11-21 05:05
Severity ?
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*", "matchCriteriaId": "90280389-72FE-47AD-9A03-4287C050976A", "versionEndExcluding": "1.9.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user\u0027s browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes." }, { "lang": "es", "value": "MoinMoin es un motor de wiki.\u0026#xa0;En MoinMoin antes de la versi\u00f3n 1.9.11, un atacante con permisos de escritura puede cargar un archivo SVG que contiene javascript malicioso.\u0026#xa0;Este javascript se ejecutar\u00e1 en el navegador de un usuario cuando el usuario est\u00e9 viendo ese archivo SVG en la wiki.\u0026#xa0;Se recomienda encarecidamente a los usuarios que se actualicen a una versi\u00f3n parcheada.\u0026#xa0;MoinMoin Wiki versi\u00f3n 1.9.11 tiene las correcciones necesarias y tambi\u00e9n contiene otras correcciones importantes" } ], "id": "CVE-2020-15275", "lastModified": "2024-11-21T05:05:14.927", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { 
"cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-11-11T16:15:13.237", "references": [ { "source": "security-advisories@github.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://advisory.checkmarx.net/advisory/CX-2020-4285" }, { "source": "security-advisories@github.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2" }, { "source": "security-advisories@github.com", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11" }, { "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ], "url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://advisory.checkmarx.net/advisory/CX-2020-4285" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-29 18:30
Modified
2024-11-21 01:02
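Severity
4.3 (Medium) - CVSS v2.0 (nvd@nist.gov, Primary): AV:N/AC:M/Au:N/C:N/I:P/A:N; the record below carries no CVSS v3 metric.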
Summary
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
moinmo | moinmoin | 1.6.1 | |
moinmoin | moinmoin | * | |
moinmoin | moinmoin | 0.1 | |
moinmoin | moinmoin | 0.2 | |
moinmoin | moinmoin | 0.3 | |
moinmoin | moinmoin | 0.7 | |
moinmoin | moinmoin | 0.8 | |
moinmoin | moinmoin | 0.9 | |
moinmoin | moinmoin | 0.10 | |
moinmoin | moinmoin | 0.11 | |
moinmoin | moinmoin | 1.0 | |
moinmoin | moinmoin | 1.1 | |
moinmoin | moinmoin | 1.2 | |
moinmoin | moinmoin | 1.2.1 | |
moinmoin | moinmoin | 1.2.2 | |
moinmoin | moinmoin | 1.5.0 | |
moinmoin | moinmoin | 1.5.1 | |
moinmoin | moinmoin | 1.5.2 | |
moinmoin | moinmoin | 1.5.3 | |
moinmoin | moinmoin | 1.5.3_rc1 | |
moinmoin | moinmoin | 1.5.3_rc2 | |
moinmoin | moinmoin | 1.5.4 | |
moinmoin | moinmoin | 1.5.5 | |
moinmoin | moinmoin | 1.5.5_rc1 | |
moinmoin | moinmoin | 1.5.5a | |
moinmoin | moinmoin | 1.5.6 | |
moinmoin | moinmoin | 1.5.7 | |
moinmoin | moinmoin | 1.5.8 | |
moinmoin | moinmoin | 1.6 | |
moinmoin | moinmoin | 1.6.0 | |
moinmoin | moinmoin | 1.6.1 | |
moinmoin | moinmoin | 1.6.2 | |
moinmoin | moinmoin | 1.6.3 | |
moinmoin | moinmoin | 1.7 | |
moinmoin | moinmoin | 1.7.0 | |
moinmoin | moinmoin | 1.7.1 | |
moinmoin | moinmoin | 1.7.2 | |
moinmoin | moinmoin | 1.7.3 | |
moinmoin | moinmoin | 1.8.0 | |
moinmoin | moinmoin | 1.8.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "23A64B6E-48D4-4743-97E3-C1EC6C1A2EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACB9D53C-D2DE-4FCA-B20B-43FC0EECF9BD", "versionEndIncluding": "1.8.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2D2866E-A684-4EB7-A127-5FEC934945E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9D41FDF8-B8BD-43D9-8D53-ADCF15F7E16B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "0BDC4AB6-39BF-4444-9CFE-B654A19814C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "0FD78CAE-9A9D-40AA-AD1F-C124A8315714", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "8673FFE8-349E-4412-9913-1145DFA1EC46", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "24271A6D-21D9-4E8D-997F-0EC132518FBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "B3072B82-3D5C-46DF-8869-08FAAC5C70DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "93508FCF-7852-4CB9-AD91-AB0FCD61BE43", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B83ACA6-5C3C-46E3-805C-EE1E759B7331", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F7EF155-C5E0-4473-B635-C551BF3F8EFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "ABFA7F26-835B-4454-91A2-1DBB80C53492", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:moinmoin:moinmoin:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C92D8510-CA34-4E6D-B432-997860C63B89", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "EB2354B8-9A1A-4E75-92AC-F16CFDF91761", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B44C24B-013E-4769-A200-D59752E0A041", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB8DB90E-BEE5-447E-9F78-A96634343815", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "84317439-A287-4897-9608-65095860AB95", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "2FB70477-B0F2-44D6-92A8-0F42F890CF99", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "013FBB75-8B01-4249-9C6C-5E27964ED2D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.3_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "361C37DC-CB43-4E6A-A198-313A9D62CD18", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "22F3D66C-3D24-41D0-9E4B-BB458DD5517D", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "0A4C9F85-C5EF-4991-A005-5839951B9843", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "690F09A1-6195-404D-BDC3-5F02A4A201C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.5a:*:*:*:*:*:*:*", "matchCriteriaId": "F9C82F62-DFBB-4499-8C6D-27DA49A00F6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "57003BFE-8FB2-480A-AFA1-63817B608F9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"B0FD9248-1E4B-46DC-9F78-20787F56D50B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "23539FCA-FF83-46E5-A9E2-5051D975DC12", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "10CFA717-B536-46CF-8D96-B850EB4C6F95", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "03FBCD1B-2D05-4C17-B41C-CF8DA75BB05D", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "51DF4CAC-EDD8-4C71-BC77-0F516692B5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB1CAAA6-8D33-4901-88E2-120AB7B4CD53", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "1F89B87E-70F6-4B3C-B684-BE2666342F74", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "77C78CF4-D4B3-4AE1-A15F-14C3BB8136D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33BA7179-8A11-41C1-8F54-AC9316E8330D", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "59C423EE-D9F5-4570-A5E8-1AA34F05E0EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "4B12CADC-8939-462C-8D40-DD56B13773AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "A19C0F96-9054-4DE9-92AD-A9DAF03B4960", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C5CDE22-2384-4B78-A76F-B95D5FBAD141", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmoin:moinmoin:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E706F537-8473-4E45-9165-CA502263DC2B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } 
], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en action/AttachFile.py en MoinMoin v1.8.2 y anteriores permiten a atacantes remotos inyectar HTML o scripts web arbitrarios a trav\u00e9s de (1) una sub-acci\u00f3n AttachFile en la funci\u00f3n error_msg o (2) m\u00faltiples vectores relacionados con los errores de empaquetado de ficheros en la funci\u00f3n upload_form, diferentes vectores que CVE-2009-0260." } ], "id": "CVE-2009-1482", "lastModified": "2024-11-21T01:02:33.780", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-04-29T18:30:00.360", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34821" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34945" }, 
{ "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35024" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1791" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34631" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-774-1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1119" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34821" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34945" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34631" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-774-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/1119" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-01-03 01:55
Modified
2024-11-21 01:46
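Severity
6.0 (Medium) - CVSS v2.0 (nvd@nist.gov, Primary): AV:N/AC:M/Au:S/C:P/I:P/A:P; the record below carries no CVSS v3 metric.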
Summary
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEA7AEF9-AD64-401A-BF0D-7549E6CEF030", "versionEndIncluding": "1.9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3BA7ACF-4304-4E0A-BBEC-233684B17BED", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF3DB6BE-F00B-42A4-A121-60A3D7A65E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C06C7F65-58B4-4B78-8B01-2896A87B2AAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DD692C09-2787-4CBD-80F8-7872B76E72C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1C00A124-C693-41EB-A0A9-87FA2C7D0B01", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9C0513D2-EF88-4C7E-9877-603F99FD7D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E480D12C-BC4E-475D-8C5D-53E7DE900596", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "6B18E3CC-DEA6-42B0-8D08-8F41031B0042", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "3A353553-4720-4457-8FBA-9F2808507492", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "B0ECE1A5-0714-467D-A0DD-19C94359D21C", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "1619929D-C06A-460B-9BD6-815B0FB2E319", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5C75D53-AAA5-4BC4-A464-D525A7507120", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "D7BF1B63-7FBC-47CD-BE8E-509331B60B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "010A1332-BD8C-49D9-A742-632571EB3E1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A1A6994-D9C8-4D80-82DC-CCC84891055F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "136BA0A5-98FE-48A8-BD5F-E163ECF351D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "98C74029-698A-4413-9BE6-43AE04E232C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "38629A9E-B8B3-4513-A271-D0F9C9B01940", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EC6287C-7EF7-41C7-BA54-CE667DF402A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "F800E619-F48D-47E7-A776-878099C198B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "42BEB861-A3C9-4D92-B042-7CC17E6F0FC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "742D85DB-0E6B-45E2-99A1-7140CDBCEED7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D915ED2B-97BF-427E-9F1F-F5A55DB59527", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "830C376B-8F3A-4695-B0E1-56DFC8E36050", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "DE674DBF-3B8B-4F0C-9D3F-2331A533FA53", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "759E9B75-1B72-4324-940E-C69E6C59E392", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:moinmo:moinmoin:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "853D71B8-E563-4730-9DD5-EFF8CF87B413", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "05461641-A9C4-4006-8442-98520DA23EC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "DF724DF0-8C5F-4F77-88C8-1FB521FD5A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "A58BEC46-0FEB-4EE0-B380-0D39FCFE1E7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "7ABF88D5-561A-4CCB-B323-A736953914CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "2DA1B94A-2EDC-43F8-83F1-E10A7890B3C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "6CC202ED-E219-42CE-BC46-F424C714F316", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "92056276-DBDC-432A-905F-D3C8AD231F7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7779A40E-B882-439D-9176-DAF1AD369EDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A4B4F98-2002-448B-A6A8-D9BA8737B723", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8376370-2978-4E95-AB19-07197330AD6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "929867E4-9A4F-4B99-BF61-8BB1DB28962A", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B51BFA62-E867-4919-9B14-2C480009FC62", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"E0510B94-903C-4B51-97A6-D13D999D87C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "30A445D9-11DD-4DF7-AABD-539F432EC803", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:a:*:*:*:*:*:*", "matchCriteriaId": "D346F561-44A5-412C-8551-7A7F4E537721", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "69A4F9E1-BFE4-4326-8C86-F2E8BE58F45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5a:*:*:*:*:*:*:*", "matchCriteriaId": "70805F86-C038-4310-BBCE-53E3C0739A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D9DF1DB-047A-4FF3-90E4-3C5B12934AD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "08737344-5992-4BB7-9F0D-CCD5E0F19B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "4B2291F8-480B-40D5-AE14-FDC78435CD37", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6CD4382-1412-4D82-9094-57E90B8C9C23", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "8DDC6900-5361-4BAE-9164-D0EAA5170B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "131BDB4E-3C1A-4FA4-84E0-37508559513E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E7BA7A7B-1DDB-427E-A9F1-89EAB2A76956", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "61B4FA65-C2FE-47BF-80D4-5ED09BC961B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "23A64B6E-48D4-4743-97E3-C1EC6C1A2EBE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:moinmo:moinmoin:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "76F8DDF8-D923-40FE-9D47-F676A04BD908", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "E5BE42E1-8CDC-47B8-AC07-E9415542AD5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "52857288-A7F7-40EA-9A72-01A6B6551FE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2863EC4-FAD5-4456-983F-F3676E887CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3A53F3F1-19B4-4A79-BE8B-544890E19C7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "00911CD0-5F85-421A-8430-40AC85F63019", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1677575-A194-4F04-9ABA-F64EDAAB446F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "0CABF9F6-83B1-4193-AA89-A8DE14435215", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "AACD410A-08AC-4241-A764-B528A0C9BC44", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "20921AD9-B2A9-417F-B83D-6013CD9F662E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB78616E-55AB-4C8A-874B-7DCF6E755E52", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "9B42EBD4-6773-4DD3-B93C-703076D2BAD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "2584941F-5FE8-4636-B878-50CC5D4CC258", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D06004B5-966B-48F5-87B4-7005DBC86D63", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C2C741A-220A-454C-8D21-6459DB2D67E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "FB916ACA-0E61-4C6B-84BE-8BD27AE766AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "DCDE917F-0AFB-431C-A0B2-CCC86946E7FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF7C0C0F-A970-4CB9-BC6D-131253CB8749", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "37002B23-E8E4-43AB-A6D7-BC747BE1A8D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "1A43AEE5-6540-4264-A956-391D8CC1212D", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "BAA73028-4193-49E9-B017-F1F27075FDDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B6FF2CB-A7F2-4E74-8B95-0C7BA3DE47AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B7C3A9E-1655-436F-94FF-390D44926A28", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8434905-3540-4ADE-8223-251FFABD31D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "AD68516B-3E72-41F4-8BD1-60A98FC1C9E3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. 
NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en (1) twikidraw (acction/twikidraw.py) y (2) anywikidraw (acction/anywikidraw.py), acciones en MoinMoin antes de v1.9.6 a usuarios remotos autenticados con permisos de escritura sobrescribir archivos arbitrarios a trav\u00e9s de vectores no especificados. NOTA: esto puede ser aprovechado con CVE-2012-6081 para ejecutar c\u00f3digo arbitrario." } ], "id": "CVE-2012-6495", "lastModified": "2024-11-21T01:46:12.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-01-03T01:55:04.577", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "source": "cve@mitre.org", "url": "http://moinmo.in/SecurityFixes" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51696" }, { "source": "cve@mitre.org", "url": "http://ubuntu.com/usn/usn-1680-1" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2012/dsa-2593" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2012/12/29/6" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2012/12/30/4" }, { "source": 
"cve@mitre.org", "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://moinmo.in/SecurityFixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51696" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ubuntu.com/usn/usn-1680-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2593" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/12/29/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/12/30/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-02-22 18:00
Modified
2024-11-21 01:25
Severity: LOW (CVSS v2.0 base score 2.6, vector AV:N/AC:H/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3B0D84D-A813-452A-A19F-9AD76D46CC13", "versionEndIncluding": "1.9.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3BA7ACF-4304-4E0A-BBEC-233684B17BED", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF3DB6BE-F00B-42A4-A121-60A3D7A65E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C06C7F65-58B4-4B78-8B01-2896A87B2AAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DD692C09-2787-4CBD-80F8-7872B76E72C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1C00A124-C693-41EB-A0A9-87FA2C7D0B01", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9C0513D2-EF88-4C7E-9877-603F99FD7D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E480D12C-BC4E-475D-8C5D-53E7DE900596", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "6B18E3CC-DEA6-42B0-8D08-8F41031B0042", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "3A353553-4720-4457-8FBA-9F2808507492", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "B0ECE1A5-0714-467D-A0DD-19C94359D21C", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "1619929D-C06A-460B-9BD6-815B0FB2E319", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5C75D53-AAA5-4BC4-A464-D525A7507120", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "D7BF1B63-7FBC-47CD-BE8E-509331B60B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "010A1332-BD8C-49D9-A742-632571EB3E1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A1A6994-D9C8-4D80-82DC-CCC84891055F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "136BA0A5-98FE-48A8-BD5F-E163ECF351D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "98C74029-698A-4413-9BE6-43AE04E232C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "38629A9E-B8B3-4513-A271-D0F9C9B01940", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EC6287C-7EF7-41C7-BA54-CE667DF402A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "F800E619-F48D-47E7-A776-878099C198B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "42BEB861-A3C9-4D92-B042-7CC17E6F0FC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "742D85DB-0E6B-45E2-99A1-7140CDBCEED7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D915ED2B-97BF-427E-9F1F-F5A55DB59527", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "830C376B-8F3A-4695-B0E1-56DFC8E36050", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "DE674DBF-3B8B-4F0C-9D3F-2331A533FA53", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "759E9B75-1B72-4324-940E-C69E6C59E392", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:moinmo:moinmoin:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "853D71B8-E563-4730-9DD5-EFF8CF87B413", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "05461641-A9C4-4006-8442-98520DA23EC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "DF724DF0-8C5F-4F77-88C8-1FB521FD5A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "A58BEC46-0FEB-4EE0-B380-0D39FCFE1E7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "7ABF88D5-561A-4CCB-B323-A736953914CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "2DA1B94A-2EDC-43F8-83F1-E10A7890B3C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "6CC202ED-E219-42CE-BC46-F424C714F316", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "92056276-DBDC-432A-905F-D3C8AD231F7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7779A40E-B882-439D-9176-DAF1AD369EDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A4B4F98-2002-448B-A6A8-D9BA8737B723", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8376370-2978-4E95-AB19-07197330AD6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "929867E4-9A4F-4B99-BF61-8BB1DB28962A", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B51BFA62-E867-4919-9B14-2C480009FC62", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"E0510B94-903C-4B51-97A6-D13D999D87C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "30A445D9-11DD-4DF7-AABD-539F432EC803", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:a:*:*:*:*:*:*", "matchCriteriaId": "D346F561-44A5-412C-8551-7A7F4E537721", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "69A4F9E1-BFE4-4326-8C86-F2E8BE58F45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5a:*:*:*:*:*:*:*", "matchCriteriaId": "70805F86-C038-4310-BBCE-53E3C0739A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D9DF1DB-047A-4FF3-90E4-3C5B12934AD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "08737344-5992-4BB7-9F0D-CCD5E0F19B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "4B2291F8-480B-40D5-AE14-FDC78435CD37", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6CD4382-1412-4D82-9094-57E90B8C9C23", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "8DDC6900-5361-4BAE-9164-D0EAA5170B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "131BDB4E-3C1A-4FA4-84E0-37508559513E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E7BA7A7B-1DDB-427E-A9F1-89EAB2A76956", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "61B4FA65-C2FE-47BF-80D4-5ED09BC961B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "23A64B6E-48D4-4743-97E3-C1EC6C1A2EBE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:moinmo:moinmoin:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "76F8DDF8-D923-40FE-9D47-F676A04BD908", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "E5BE42E1-8CDC-47B8-AC07-E9415542AD5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "52857288-A7F7-40EA-9A72-01A6B6551FE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2863EC4-FAD5-4456-983F-F3676E887CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3A53F3F1-19B4-4A79-BE8B-544890E19C7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "00911CD0-5F85-421A-8430-40AC85F63019", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1677575-A194-4F04-9ABA-F64EDAAB446F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "0CABF9F6-83B1-4193-AA89-A8DE14435215", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "AACD410A-08AC-4241-A764-B528A0C9BC44", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "20921AD9-B2A9-417F-B83D-6013CD9F662E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB78616E-55AB-4C8A-874B-7DCF6E755E52", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "9B42EBD4-6773-4DD3-B93C-703076D2BAD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "2584941F-5FE8-4636-B878-50CC5D4CC258", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D06004B5-966B-48F5-87B4-7005DBC86D63", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C2C741A-220A-454C-8D21-6459DB2D67E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "FB916ACA-0E61-4C6B-84BE-8BD27AE766AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "DCDE917F-0AFB-431C-A0B2-CCC86946E7FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF7C0C0F-A970-4CB9-BC6D-131253CB8749", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "37002B23-E8E4-43AB-A6D7-BC747BE1A8D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "1A43AEE5-6540-4264-A956-391D8CC1212D", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "BAA73028-4193-49E9-B017-F1F27075FDDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B6FF2CB-A7F2-4E74-8B95-0C7BA3DE47AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when \"format rst\" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information." 
}, { "lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en el analizador reStructuredText (rst) en parser/text_rst.py en MoinMoin anterior a versi\u00f3n 1.9.3, cuando es instalado docutils o cuando se establece \"format rst\", permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de una URL javascript: en el atributo refuri. NOTA: algunos de estos datos se obtienen de la informaci\u00f3n de terceros." } ], "id": "CVE-2011-1058", "lastModified": "2024-11-21T01:25:25.443", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-02-22T18:00:01.723", "references": [ { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054544.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055116.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055124.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43413" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/43665" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/50885" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2321" }, { "source": 
"cve@mitre.org", "url": "http://www.securityfocus.com/bid/46476" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1604-1" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0455" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/0571" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/0588" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65545" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054544.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055116.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055124.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43665" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2321" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46476" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1604-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0455" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.vupen.com/english/advisories/2011/0571" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0588" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65545" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-03-30 01:30
Modified
2024-11-21 00:56
Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "23A64B6E-48D4-4743-97E3-C1EC6C1A2EBE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors." }, { "lang": "es", "value": "La funci\u00f3n password_checker en config/multiconfig.py en MoinMoin v1.6.1 utiliza la caracter\u00edstica cracklib y python-crack incluso cuando ambas no est\u00e1n como \"thread-safe\", lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (falta de segmentaci\u00f3n y ca\u00edda) a trav\u00e9s de vectores desconocidos." } ], "id": "CVE-2008-6549", "lastModified": "2024-11-21T00:56:49.250", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-03-30T01:30:00.517", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/48876" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], 
"url": "http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/48876" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-08-05 13:22
Modified
2024-11-21 01:17
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "BAA73028-4193-49E9-B017-F1F27075FDDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B6FF2CB-A7F2-4E74-8B95-0C7BA3DE47AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B7C3A9E-1655-436F-94FF-390D44926A28", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MoinMoin v1.9.x anterior v1.9.3 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9 de contenido manipulado, relacionado con (1) action/SlideShow.py, (2) action/anywikidraw.py, y (3) action/language_setup.py, un tema similar a CVE-2010-2487." 
} ], "id": "CVE-2010-2970", "lastModified": "2024-11-21T01:17:45.510", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-08-05T13:22:29.950", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809" }, { "source": "cve@mitre.org", "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES" }, { "source": "cve@mitre.org", "url": "http://hg.moinmo.in/moin/1.9/rev/4fe9951788cb" }, { "source": "cve@mitre.org", "url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security\u0026m=127799369406968\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security\u0026m=127809682420259\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg" }, { "source": "cve@mitre.org", "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40836" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-2083" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/40549" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1981" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.9/rev/4fe9951788cb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=127799369406968\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=127809682420259\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40836" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/40549" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1981" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-02-26 19:30
Modified
2024-11-21 01:12
Severity ?
Summary
The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
moinmo | moinmoin | * | |
moinmo | moinmoin | 1.5.0 | |
moinmo | moinmoin | 1.5.0 | |
moinmo | moinmoin | 1.5.0 | |
moinmo | moinmoin | 1.5.0 | |
moinmo | moinmoin | 1.5.0 | |
moinmo | moinmoin | 1.5.0 | |
moinmo | moinmoin | 1.5.0 | |
moinmo | moinmoin | 1.5.0 | |
moinmo | moinmoin | 1.5.1 | |
moinmo | moinmoin | 1.5.2 | |
moinmo | moinmoin | 1.5.3 | |
moinmo | moinmoin | 1.5.3 | |
moinmo | moinmoin | 1.5.3 | |
moinmo | moinmoin | 1.5.4 | |
moinmo | moinmoin | 1.5.5 | |
moinmo | moinmoin | 1.5.5 | |
moinmo | moinmoin | 1.5.5a | |
moinmo | moinmoin | 1.5.6 | |
moinmo | moinmoin | 1.5.7 | |
moinmo | moinmoin | 1.5.8 | |
moinmo | moinmoin | 1.6.0 | |
moinmo | moinmoin | 1.6.0 | |
moinmo | moinmoin | 1.6.0 | |
moinmo | moinmoin | 1.6.0 | |
moinmo | moinmoin | 1.6.0 | |
moinmo | moinmoin | 1.6.1 | |
moinmo | moinmoin | 1.6.2 | |
moinmo | moinmoin | 1.6.3 | |
moinmo | moinmoin | 1.6.4 | |
moinmo | moinmoin | 1.7.0 | |
moinmo | moinmoin | 1.7.0 | |
moinmo | moinmoin | 1.7.0 | |
moinmo | moinmoin | 1.7.0 | |
moinmo | moinmoin | 1.7.0 | |
moinmo | moinmoin | 1.7.0 | |
moinmo | moinmoin | 1.7.1 | |
moinmo | moinmoin | 1.7.2 | |
moinmo | moinmoin | 1.7.3 | |
moinmo | moinmoin | 1.8.0 | |
moinmo | moinmoin | 1.8.1 | |
moinmo | moinmoin | 1.8.2 | |
moinmo | moinmoin | 1.8.3 | |
moinmo | moinmoin | 1.8.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9FB9377-E66A-4CDC-BD02-1342C45CD683", "versionEndIncluding": "1.8.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "853D71B8-E563-4730-9DD5-EFF8CF87B413", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "05461641-A9C4-4006-8442-98520DA23EC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "DF724DF0-8C5F-4F77-88C8-1FB521FD5A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "A58BEC46-0FEB-4EE0-B380-0D39FCFE1E7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "7ABF88D5-561A-4CCB-B323-A736953914CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "2DA1B94A-2EDC-43F8-83F1-E10A7890B3C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "6CC202ED-E219-42CE-BC46-F424C714F316", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "92056276-DBDC-432A-905F-D3C8AD231F7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7779A40E-B882-439D-9176-DAF1AD369EDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A4B4F98-2002-448B-A6A8-D9BA8737B723", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8376370-2978-4E95-AB19-07197330AD6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "929867E4-9A4F-4B99-BF61-8BB1DB28962A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:moinmo:moinmoin:1.5.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B51BFA62-E867-4919-9B14-2C480009FC62", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "E0510B94-903C-4B51-97A6-D13D999D87C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "30A445D9-11DD-4DF7-AABD-539F432EC803", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "69A4F9E1-BFE4-4326-8C86-F2E8BE58F45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5a:*:*:*:*:*:*:*", "matchCriteriaId": "70805F86-C038-4310-BBCE-53E3C0739A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D9DF1DB-047A-4FF3-90E4-3C5B12934AD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "08737344-5992-4BB7-9F0D-CCD5E0F19B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "4B2291F8-480B-40D5-AE14-FDC78435CD37", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6CD4382-1412-4D82-9094-57E90B8C9C23", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "8DDC6900-5361-4BAE-9164-D0EAA5170B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "131BDB4E-3C1A-4FA4-84E0-37508559513E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E7BA7A7B-1DDB-427E-A9F1-89EAB2A76956", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "61B4FA65-C2FE-47BF-80D4-5ED09BC961B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "23A64B6E-48D4-4743-97E3-C1EC6C1A2EBE", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "76F8DDF8-D923-40FE-9D47-F676A04BD908", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "E5BE42E1-8CDC-47B8-AC07-E9415542AD5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "52857288-A7F7-40EA-9A72-01A6B6551FE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2863EC4-FAD5-4456-983F-F3676E887CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3A53F3F1-19B4-4A79-BE8B-544890E19C7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "00911CD0-5F85-421A-8430-40AC85F63019", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1677575-A194-4F04-9ABA-F64EDAAB446F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "0CABF9F6-83B1-4193-AA89-A8DE14435215", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "AACD410A-08AC-4241-A764-B528A0C9BC44", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "20921AD9-B2A9-417F-B83D-6013CD9F662E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB78616E-55AB-4C8A-874B-7DCF6E755E52", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "9B42EBD4-6773-4DD3-B93C-703076D2BAD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "2584941F-5FE8-4636-B878-50CC5D4CC258", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"D06004B5-966B-48F5-87B4-7005DBC86D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C2C741A-220A-454C-8D21-6459DB2D67E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "FB916ACA-0E61-4C6B-84BE-8BD27AE766AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "DCDE917F-0AFB-431C-A0B2-CCC86946E7FE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors." }, { "lang": "es", "value": "La configuraci\u00f3n por defecto de cfg.packagepages_actions_excluded en MoinMoin anteriores v1.8.7 no previene acciones inseguras, que tiene un impacto y vectores de ataque no especificados." } ], "id": "CVE-2010-0717", "lastModified": "2024-11-21T01:12:48.957", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-02-26T19:30:00.837", "references": [ { "source": "cve@mitre.org", "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES" }, { "source": "cve@mitre.org", "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/38903" }, { "source": "cve@mitre.org", "url": 
"http://www.debian.org/security/2010/dsa-2014" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/0600" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56595" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/38903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56595" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-16" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-02-26 19:30
Modified
2024-11-21 01:12
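Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P; NVD primary score, and the record sets acInsufInfo to true)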
Summary
MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9FB9377-E66A-4CDC-BD02-1342C45CD683", "versionEndIncluding": "1.8.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "853D71B8-E563-4730-9DD5-EFF8CF87B413", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "05461641-A9C4-4006-8442-98520DA23EC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "DF724DF0-8C5F-4F77-88C8-1FB521FD5A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "A58BEC46-0FEB-4EE0-B380-0D39FCFE1E7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "7ABF88D5-561A-4CCB-B323-A736953914CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "2DA1B94A-2EDC-43F8-83F1-E10A7890B3C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "6CC202ED-E219-42CE-BC46-F424C714F316", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "92056276-DBDC-432A-905F-D3C8AD231F7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7779A40E-B882-439D-9176-DAF1AD369EDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A4B4F98-2002-448B-A6A8-D9BA8737B723", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8376370-2978-4E95-AB19-07197330AD6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "929867E4-9A4F-4B99-BF61-8BB1DB28962A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:moinmo:moinmoin:1.5.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B51BFA62-E867-4919-9B14-2C480009FC62", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "E0510B94-903C-4B51-97A6-D13D999D87C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "30A445D9-11DD-4DF7-AABD-539F432EC803", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "69A4F9E1-BFE4-4326-8C86-F2E8BE58F45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5a:*:*:*:*:*:*:*", "matchCriteriaId": "70805F86-C038-4310-BBCE-53E3C0739A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D9DF1DB-047A-4FF3-90E4-3C5B12934AD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "08737344-5992-4BB7-9F0D-CCD5E0F19B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "4B2291F8-480B-40D5-AE14-FDC78435CD37", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6CD4382-1412-4D82-9094-57E90B8C9C23", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "8DDC6900-5361-4BAE-9164-D0EAA5170B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "131BDB4E-3C1A-4FA4-84E0-37508559513E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E7BA7A7B-1DDB-427E-A9F1-89EAB2A76956", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "61B4FA65-C2FE-47BF-80D4-5ED09BC961B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "23A64B6E-48D4-4743-97E3-C1EC6C1A2EBE", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "76F8DDF8-D923-40FE-9D47-F676A04BD908", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "E5BE42E1-8CDC-47B8-AC07-E9415542AD5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "52857288-A7F7-40EA-9A72-01A6B6551FE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2863EC4-FAD5-4456-983F-F3676E887CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3A53F3F1-19B4-4A79-BE8B-544890E19C7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "00911CD0-5F85-421A-8430-40AC85F63019", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1677575-A194-4F04-9ABA-F64EDAAB446F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "0CABF9F6-83B1-4193-AA89-A8DE14435215", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "AACD410A-08AC-4241-A764-B528A0C9BC44", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "20921AD9-B2A9-417F-B83D-6013CD9F662E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB78616E-55AB-4C8A-874B-7DCF6E755E52", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "9B42EBD4-6773-4DD3-B93C-703076D2BAD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "2584941F-5FE8-4636-B878-50CC5D4CC258", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"D06004B5-966B-48F5-87B4-7005DBC86D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C2C741A-220A-454C-8D21-6459DB2D67E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "FB916ACA-0E61-4C6B-84BE-8BD27AE766AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "DCDE917F-0AFB-431C-A0B2-CCC86946E7FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "BAA73028-4193-49E9-B017-F1F27075FDDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B6FF2CB-A7F2-4E74-8B95-0C7BA3DE47AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors." }, { "lang": "es", "value": "MoinMoin anteriores a v1.8.7 y 1.9.x anteriores a v1.9.2 no sanea de forma adecuada los perfiles de usuario, lo que tiene un impacto y efectos desconocidos." 
} ], "id": "CVE-2010-0669", "lastModified": "2024-11-21T01:12:42.470", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-02-26T19:30:00.667", "references": [ { "source": "cve@mitre.org", "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES" }, { "source": "cve@mitre.org", "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38444" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/38903" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-2014" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2010/02/15/4" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2010/02/21/2" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/38023" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/0600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/38903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/02/15/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/02/21/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/38023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0600" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-10 22:55
Modified
2024-11-21 01:42
Severity: MEDIUM (CVSS v2.0 base score 6.0, vector AV:N/AC:M/Au:S/C:P/I:P/A:P; NVD primary score)
Summary
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "BAA73028-4193-49E9-B017-F1F27075FDDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B6FF2CB-A7F2-4E74-8B95-0C7BA3DE47AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B7C3A9E-1655-436F-94FF-390D44926A28", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8434905-3540-4ADE-8223-251FFABD31D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "AD68516B-3E72-41F4-8BD1-60A98FC1C9E3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as \"All,\" \"Known,\" or \"Trusted,\" which allows remote authenticated users with virtual group membership to be treated as a member of the group." 
}, { "lang": "es", "value": "security/__init__.py en MoinMoin v1.9 hasta v1.9.4 no trata correctamente los nombres de los grupos que contienen nombres de grupos virtuales tales como \"All\", \"Known\", o \"Trusted\", lo que permite ser tratados como miembros del grupo no-virtual a usuarios remotos autenticados que pertenezcan a un grupo virtual.\r\n" } ], "id": "CVE-2012-4404", "lastModified": "2024-11-21T01:42:48.910", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-10T22:55:05.197", "references": [ { "source": "secalert@redhat.com", "url": "http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50474" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50496" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50885" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2538" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/09/04/4" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/09/05/2" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1604-1" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50496" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2538" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/09/04/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/09/05/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1604-1" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-02-26 19:30
Modified
2024-11-21 01:12
Severity: MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P; NVD primary score)
Summary
Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "853D71B8-E563-4730-9DD5-EFF8CF87B413", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "05461641-A9C4-4006-8442-98520DA23EC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "DF724DF0-8C5F-4F77-88C8-1FB521FD5A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "A58BEC46-0FEB-4EE0-B380-0D39FCFE1E7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "7ABF88D5-561A-4CCB-B323-A736953914CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "2DA1B94A-2EDC-43F8-83F1-E10A7890B3C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "6CC202ED-E219-42CE-BC46-F424C714F316", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "92056276-DBDC-432A-905F-D3C8AD231F7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7779A40E-B882-439D-9176-DAF1AD369EDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A4B4F98-2002-448B-A6A8-D9BA8737B723", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8376370-2978-4E95-AB19-07197330AD6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "929867E4-9A4F-4B99-BF61-8BB1DB28962A", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B51BFA62-E867-4919-9B14-2C480009FC62", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:moinmo:moinmoin:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "E0510B94-903C-4B51-97A6-D13D999D87C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "30A445D9-11DD-4DF7-AABD-539F432EC803", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "69A4F9E1-BFE4-4326-8C86-F2E8BE58F45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5a:*:*:*:*:*:*:*", "matchCriteriaId": "70805F86-C038-4310-BBCE-53E3C0739A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D9DF1DB-047A-4FF3-90E4-3C5B12934AD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "08737344-5992-4BB7-9F0D-CCD5E0F19B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "4B2291F8-480B-40D5-AE14-FDC78435CD37", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6CD4382-1412-4D82-9094-57E90B8C9C23", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "8DDC6900-5361-4BAE-9164-D0EAA5170B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "131BDB4E-3C1A-4FA4-84E0-37508559513E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E7BA7A7B-1DDB-427E-A9F1-89EAB2A76956", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "61B4FA65-C2FE-47BF-80D4-5ED09BC961B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "23A64B6E-48D4-4743-97E3-C1EC6C1A2EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "76F8DDF8-D923-40FE-9D47-F676A04BD908", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "E5BE42E1-8CDC-47B8-AC07-E9415542AD5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "52857288-A7F7-40EA-9A72-01A6B6551FE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2863EC4-FAD5-4456-983F-F3676E887CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3A53F3F1-19B4-4A79-BE8B-544890E19C7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "00911CD0-5F85-421A-8430-40AC85F63019", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1677575-A194-4F04-9ABA-F64EDAAB446F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "0CABF9F6-83B1-4193-AA89-A8DE14435215", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "AACD410A-08AC-4241-A764-B528A0C9BC44", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "20921AD9-B2A9-417F-B83D-6013CD9F662E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB78616E-55AB-4C8A-874B-7DCF6E755E52", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "9B42EBD4-6773-4DD3-B93C-703076D2BAD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "2584941F-5FE8-4636-B878-50CC5D4CC258", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D06004B5-966B-48F5-87B4-7005DBC86D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"2C2C741A-220A-454C-8D21-6459DB2D67E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "FB916ACA-0E61-4C6B-84BE-8BD27AE766AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "DCDE917F-0AFB-431C-A0B2-CCC86946E7FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF7C0C0F-A970-4CB9-BC6D-131253CB8749", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "BAA73028-4193-49E9-B017-F1F27075FDDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B6FF2CB-A7F2-4E74-8B95-0C7BA3DE47AD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured." }, { "lang": "es", "value": "Vulnerabilidad no especificada en MoinMoin v1.5.x hasta v1.7.x, v1.8.x anteriores a v1.8.7, y v1.9.x anteriores a v1.9.2 tiene un impacto y cvector de ataque desconocido, relativo a configuraciones que tienen una lista no vac\u00eda de super-usuarios, la acci\u00f3n xmlrpc est\u00e1 disponible, la acci\u00f3n SyncPages est\u00e1 activo, o configurada OpenID." 
} ], "id": "CVE-2010-0668", "lastModified": "2024-11-21T01:12:42.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-02-26T19:30:00.603", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975" }, { "source": "cve@mitre.org", "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035374.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035438.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security\u0026m=126625972814888\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security\u0026m=126676896601156\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38444" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38709" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/38903" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-2014" }, { "source": "cve@mitre.org", "url": 
"http://www.openwall.com/lists/oss-security/2010/02/15/2" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/62043" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/38023" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0266" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/0600" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565604" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035374.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035438.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=126625972814888\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=126676896601156\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38444" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38709" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/38903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/62043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/38023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0266" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56002" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-01-03 01:55
Modified
2024-11-21 01:45
Severity: MEDIUM (CVSS v2.0 base score 4.3)
Summary
Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in an RSS link.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "87AF5953-B882-406D-B637-3788E7C70666", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n rsslink en theme/__init__.py en MoinMoin 1.9.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del nombre de la p\u00e1gina en un enlace RSS." } ], "id": "CVE-2012-6082", "lastModified": "2024-11-21T01:45:46.983", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-01-03T01:55:04.530", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://hg.moinmo.in/moin/1.9/rev/c98ec456e493" }, { "source": "secalert@redhat.com", "url": "http://moinmo.in/SecurityFixes" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51663" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/12/29/7" }, { "source": "secalert@redhat.com", "url": 
"http://www.openwall.com/lists/oss-security/2012/12/30/5" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/57089" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://hg.moinmo.in/moin/1.9/rev/c98ec456e493" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://moinmo.in/SecurityFixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/12/29/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/12/30/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/57089" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-11-10 17:59
Modified
2024-11-21 02:57
Severity: MEDIUM (CVSS v3.0 base score 6.1; CVSS v2.0 base score 4.3)
Summary
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "47A846CB-52C4-4F84-A85A-4FF92E4F69C7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation or crafted URL\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=fckdialog\u0026dialog=attachment (via page name) component." }, { "lang": "es", "value": "MoinMoin 1.9.8 permite a atacantes remotos llevar a cabo ataques \"JavaScript injection\" utilizando el enfoque \"page creation\", relacionado con un problema \"Cross Site Scripting (XSS)\" que afecta al componente action=fckdialog\u0026dialog=attachment (a trav\u00e9s del nombre de p\u00e1gina)." } ], "id": "CVE-2016-7146", "lastModified": "2024-11-21T02:57:35.173", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": 
"nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-11-10T17:59:00.177", "references": [ { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3715" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/94259" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3137-1" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/94259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-3137-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-08-05 13:22
Modified
2024-11-21 01:17
Severity: MEDIUM (CVSS v2.0 base score 4.3)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A603A52-7657-4287-8D58-EA91D9771C06", "versionEndIncluding": "1.7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3BA7ACF-4304-4E0A-BBEC-233684B17BED", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF3DB6BE-F00B-42A4-A121-60A3D7A65E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C06C7F65-58B4-4B78-8B01-2896A87B2AAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DD692C09-2787-4CBD-80F8-7872B76E72C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1C00A124-C693-41EB-A0A9-87FA2C7D0B01", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9C0513D2-EF88-4C7E-9877-603F99FD7D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E480D12C-BC4E-475D-8C5D-53E7DE900596", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "6B18E3CC-DEA6-42B0-8D08-8F41031B0042", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "3A353553-4720-4457-8FBA-9F2808507492", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "B0ECE1A5-0714-467D-A0DD-19C94359D21C", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "1619929D-C06A-460B-9BD6-815B0FB2E319", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5C75D53-AAA5-4BC4-A464-D525A7507120", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "D7BF1B63-7FBC-47CD-BE8E-509331B60B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "010A1332-BD8C-49D9-A742-632571EB3E1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A1A6994-D9C8-4D80-82DC-CCC84891055F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "136BA0A5-98FE-48A8-BD5F-E163ECF351D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "98C74029-698A-4413-9BE6-43AE04E232C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "38629A9E-B8B3-4513-A271-D0F9C9B01940", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EC6287C-7EF7-41C7-BA54-CE667DF402A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "F800E619-F48D-47E7-A776-878099C198B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "42BEB861-A3C9-4D92-B042-7CC17E6F0FC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "742D85DB-0E6B-45E2-99A1-7140CDBCEED7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D915ED2B-97BF-427E-9F1F-F5A55DB59527", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "830C376B-8F3A-4695-B0E1-56DFC8E36050", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "DE674DBF-3B8B-4F0C-9D3F-2331A533FA53", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "759E9B75-1B72-4324-940E-C69E6C59E392", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:moinmo:moinmoin:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "853D71B8-E563-4730-9DD5-EFF8CF87B413", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "05461641-A9C4-4006-8442-98520DA23EC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "DF724DF0-8C5F-4F77-88C8-1FB521FD5A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "A58BEC46-0FEB-4EE0-B380-0D39FCFE1E7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "7ABF88D5-561A-4CCB-B323-A736953914CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "2DA1B94A-2EDC-43F8-83F1-E10A7890B3C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "6CC202ED-E219-42CE-BC46-F424C714F316", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "92056276-DBDC-432A-905F-D3C8AD231F7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7779A40E-B882-439D-9176-DAF1AD369EDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A4B4F98-2002-448B-A6A8-D9BA8737B723", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8376370-2978-4E95-AB19-07197330AD6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "929867E4-9A4F-4B99-BF61-8BB1DB28962A", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B51BFA62-E867-4919-9B14-2C480009FC62", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"E0510B94-903C-4B51-97A6-D13D999D87C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "30A445D9-11DD-4DF7-AABD-539F432EC803", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "69A4F9E1-BFE4-4326-8C86-F2E8BE58F45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5a:*:*:*:*:*:*:*", "matchCriteriaId": "70805F86-C038-4310-BBCE-53E3C0739A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D9DF1DB-047A-4FF3-90E4-3C5B12934AD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "08737344-5992-4BB7-9F0D-CCD5E0F19B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "4B2291F8-480B-40D5-AE14-FDC78435CD37", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6CD4382-1412-4D82-9094-57E90B8C9C23", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "8DDC6900-5361-4BAE-9164-D0EAA5170B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "131BDB4E-3C1A-4FA4-84E0-37508559513E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E7BA7A7B-1DDB-427E-A9F1-89EAB2A76956", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "61B4FA65-C2FE-47BF-80D4-5ED09BC961B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "23A64B6E-48D4-4743-97E3-C1EC6C1A2EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "76F8DDF8-D923-40FE-9D47-F676A04BD908", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:moinmo:moinmoin:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "E5BE42E1-8CDC-47B8-AC07-E9415542AD5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "52857288-A7F7-40EA-9A72-01A6B6551FE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2863EC4-FAD5-4456-983F-F3676E887CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3A53F3F1-19B4-4A79-BE8B-544890E19C7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "00911CD0-5F85-421A-8430-40AC85F63019", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1677575-A194-4F04-9ABA-F64EDAAB446F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "0CABF9F6-83B1-4193-AA89-A8DE14435215", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "AACD410A-08AC-4241-A764-B528A0C9BC44", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "20921AD9-B2A9-417F-B83D-6013CD9F662E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB78616E-55AB-4C8A-874B-7DCF6E755E52", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "BAA73028-4193-49E9-B017-F1F27075FDDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B6FF2CB-A7F2-4E74-8B95-0C7BA3DE47AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B7C3A9E-1655-436F-94FF-390D44926A28", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": 
[], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MoinMoin v1.7.x y anteriores permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9 de contenido manipulado, relacionado con (1) action/LikePages.py, (2) action/chart.py, y (3) action/userprofile.py, un tema similar a CVE-2010-2487." } ], "id": "CVE-2010-2969", "lastModified": "2024-11-21T01:17:45.363", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-08-05T13:22:29.903", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809" }, { "source": "cve@mitre.org", "url": "http://hg.moinmo.in/moin/1.7/rev/37306fba2189" }, { "source": "cve@mitre.org", "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES" }, { "source": "cve@mitre.org", "url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security\u0026m=127799369406968\u0026w=2" }, { "source": "cve@mitre.org", "url": 
"http://marc.info/?l=oss-security\u0026m=127809682420259\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg" }, { "source": "cve@mitre.org", "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "source": "cve@mitre.org", "url": "http://moinmo.in/SecurityFixes" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40836" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-2083" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/40549" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.7/rev/37306fba2189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=127799369406968\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=127809682420259\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://moinmo.in/SecurityFixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40836" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/40549" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1981" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-01-30 22:59
Modified
2024-11-21 03:00
Severity: MEDIUM (CVSS v3.0 base score 6.1; CVSS v2.0 base score 4.3)
Summary
Cross-site scripting (XSS) vulnerability in the link dialogue in the GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.debian.org/security/2016/dsa-3715 | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/94501 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.ubuntu.com/usn/USN-3137-1 | Third Party Advisory | |
cve@mitre.org | https://moinmo.in/SecurityFixes | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3715 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94501 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-3137-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://moinmo.in/SecurityFixes | Release Notes, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
moinmo | moinmoin | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 16.10 | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*", "matchCriteriaId": "086EEE1C-2D4E-4C4E-B1E9-362CF133C034", "versionEndIncluding": "1.9.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*", "matchCriteriaId": "1AFB20FA-CB00-4729-AB3A-816454C6D096", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de XSS en el link de di\u00e1logo en el editor de GUI en MoinMoin en versiones anteriores a 1.9.8 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios mediante vectores no especificados." 
} ], "id": "CVE-2016-9119", "lastModified": "2024-11-21T03:00:38.350", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-30T22:59:00.780", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3715" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94501" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3137-1" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://moinmo.in/SecurityFixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94501" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-3137-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://moinmo.in/SecurityFixes" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-04-05 15:30
Modified
2024-11-21 01:13
Severity: LOW (CVSS v2.0 base score 3.5)
Summary
Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "37002B23-E8E4-43AB-A6D7-BC747BE1A8D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B7C3A9E-1655-436F-94FF-390D44926A28", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en action/Despam.py del m\u00f3dulo de acci\u00f3n Despam de MoinMoin v1.8.7 y v1.9.2, permite a usuarios autenticados en remoto inyectar secuencias de comandos Web o HTML de su elecci\u00f3n creando un p\u00e1gina con una URI manipulada." 
} ], "id": "CVE-2010-0828", "lastModified": "2024-11-21T01:13:02.413", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-04-05T15:30:01.217", "references": [ { "source": "security@ubuntu.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995" }, { "source": "security@ubuntu.com", "tags": [ "Exploit", "Patch" ], "url": "http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca" }, { "source": "security@ubuntu.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038490.html" }, { "source": "security@ubuntu.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038574.html" }, { "source": "security@ubuntu.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038706.html" }, { "source": "security@ubuntu.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39188" }, { "source": "security@ubuntu.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39190" }, { "source": "security@ubuntu.com", "url": "http://secunia.com/advisories/39267" }, { "source": "security@ubuntu.com", "url": "http://secunia.com/advisories/39284" }, { "source": "security@ubuntu.com", "url": "http://www.debian.org/security/2010/dsa-2024" }, { "source": "security@ubuntu.com", "url": "http://www.securityfocus.com/bid/39110" }, { "source": "security@ubuntu.com", "url": "http://www.ubuntu.com/usn/USN-925-1" }, { "source": 
"security@ubuntu.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0767" }, { "source": "security@ubuntu.com", "url": "http://www.vupen.com/english/advisories/2010/0831" }, { "source": "security@ubuntu.com", "url": "http://www.vupen.com/english/advisories/2010/0834" }, { "source": "security@ubuntu.com", "tags": [ "Exploit" ], "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/538022" }, { "source": "security@ubuntu.com", "tags": [ "Exploit" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578801" }, { "source": "security@ubuntu.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57435" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038490.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038574.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038706.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39267" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/39110" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-925-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0767" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/538022" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578801" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57435" } ], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-10-15 19:29
Modified
2024-11-21 03:28
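Severity: MEDIUM (CVSS v3.0 base score 6.1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)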
Summary
Cross-site scripting (XSS) vulnerability in the link dialogue of the GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
moinmo | moinmoin | * | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
opensuse | leap | 15.0 | |
opensuse | leap | 42.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*", "matchCriteriaId": "85D1682C-984C-4532-9DA9-B36E5FBFBD73", "versionEndExcluding": "1.9.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Una vulnerabilidad Cross-Site Scripting (XSS) en el di\u00e1logo de enlaces en el editor de la interfaz gr\u00e1fica de MoinMoin en versiones anteriores a la 1.9.10 permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados." 
} ], "id": "CVE-2017-5934", "lastModified": "2024-11-21T03:28:42.110", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-10-15T19:29:00.507", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3794-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://www.debian.org/security/2018/dsa-4318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3794-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4318" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-08-05 13:22
Modified
2024-11-21 01:16
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A603A52-7657-4287-8D58-EA91D9771C06", "versionEndIncluding": "1.7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3BA7ACF-4304-4E0A-BBEC-233684B17BED", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF3DB6BE-F00B-42A4-A121-60A3D7A65E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C06C7F65-58B4-4B78-8B01-2896A87B2AAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DD692C09-2787-4CBD-80F8-7872B76E72C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1C00A124-C693-41EB-A0A9-87FA2C7D0B01", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9C0513D2-EF88-4C7E-9877-603F99FD7D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E480D12C-BC4E-475D-8C5D-53E7DE900596", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "6B18E3CC-DEA6-42B0-8D08-8F41031B0042", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "3A353553-4720-4457-8FBA-9F2808507492", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "B0ECE1A5-0714-467D-A0DD-19C94359D21C", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "1619929D-C06A-460B-9BD6-815B0FB2E319", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5C75D53-AAA5-4BC4-A464-D525A7507120", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "D7BF1B63-7FBC-47CD-BE8E-509331B60B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "010A1332-BD8C-49D9-A742-632571EB3E1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A1A6994-D9C8-4D80-82DC-CCC84891055F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "136BA0A5-98FE-48A8-BD5F-E163ECF351D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "98C74029-698A-4413-9BE6-43AE04E232C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "38629A9E-B8B3-4513-A271-D0F9C9B01940", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EC6287C-7EF7-41C7-BA54-CE667DF402A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "F800E619-F48D-47E7-A776-878099C198B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "42BEB861-A3C9-4D92-B042-7CC17E6F0FC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "742D85DB-0E6B-45E2-99A1-7140CDBCEED7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D915ED2B-97BF-427E-9F1F-F5A55DB59527", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "830C376B-8F3A-4695-B0E1-56DFC8E36050", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "DE674DBF-3B8B-4F0C-9D3F-2331A533FA53", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "759E9B75-1B72-4324-940E-C69E6C59E392", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:moinmo:moinmoin:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "853D71B8-E563-4730-9DD5-EFF8CF87B413", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "05461641-A9C4-4006-8442-98520DA23EC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "DF724DF0-8C5F-4F77-88C8-1FB521FD5A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "A58BEC46-0FEB-4EE0-B380-0D39FCFE1E7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "7ABF88D5-561A-4CCB-B323-A736953914CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "2DA1B94A-2EDC-43F8-83F1-E10A7890B3C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "6CC202ED-E219-42CE-BC46-F424C714F316", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "92056276-DBDC-432A-905F-D3C8AD231F7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7779A40E-B882-439D-9176-DAF1AD369EDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A4B4F98-2002-448B-A6A8-D9BA8737B723", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8376370-2978-4E95-AB19-07197330AD6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "929867E4-9A4F-4B99-BF61-8BB1DB28962A", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B51BFA62-E867-4919-9B14-2C480009FC62", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"E0510B94-903C-4B51-97A6-D13D999D87C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "30A445D9-11DD-4DF7-AABD-539F432EC803", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "69A4F9E1-BFE4-4326-8C86-F2E8BE58F45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5a:*:*:*:*:*:*:*", "matchCriteriaId": "70805F86-C038-4310-BBCE-53E3C0739A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D9DF1DB-047A-4FF3-90E4-3C5B12934AD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "08737344-5992-4BB7-9F0D-CCD5E0F19B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "4B2291F8-480B-40D5-AE14-FDC78435CD37", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6CD4382-1412-4D82-9094-57E90B8C9C23", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "8DDC6900-5361-4BAE-9164-D0EAA5170B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "131BDB4E-3C1A-4FA4-84E0-37508559513E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E7BA7A7B-1DDB-427E-A9F1-89EAB2A76956", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "61B4FA65-C2FE-47BF-80D4-5ED09BC961B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "23A64B6E-48D4-4743-97E3-C1EC6C1A2EBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "76F8DDF8-D923-40FE-9D47-F676A04BD908", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:moinmo:moinmoin:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "E5BE42E1-8CDC-47B8-AC07-E9415542AD5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "52857288-A7F7-40EA-9A72-01A6B6551FE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2863EC4-FAD5-4456-983F-F3676E887CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3A53F3F1-19B4-4A79-BE8B-544890E19C7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "00911CD0-5F85-421A-8430-40AC85F63019", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1677575-A194-4F04-9ABA-F64EDAAB446F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "0CABF9F6-83B1-4193-AA89-A8DE14435215", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "AACD410A-08AC-4241-A764-B528A0C9BC44", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "20921AD9-B2A9-417F-B83D-6013CD9F662E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB78616E-55AB-4C8A-874B-7DCF6E755E52", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "2584941F-5FE8-4636-B878-50CC5D4CC258", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D06004B5-966B-48F5-87B4-7005DBC86D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C2C741A-220A-454C-8D21-6459DB2D67E8", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:moinmo:moinmoin:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "FB916ACA-0E61-4C6B-84BE-8BD27AE766AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "DCDE917F-0AFB-431C-A0B2-CCC86946E7FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF7C0C0F-A970-4CB9-BC6D-131253CB8749", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "37002B23-E8E4-43AB-A6D7-BC747BE1A8D3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "BAA73028-4193-49E9-B017-F1F27075FDDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B6FF2CB-A7F2-4E74-8B95-0C7BA3DE47AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B7C3A9E-1655-436F-94FF-390D44926A28", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MoinMoin v1.7.3 y anteriores, v1.8.x anterior a v1.8.8, y v1.9.x anterior a v1.9.3 permite a atacantes remotos injectar a su elecci\u00f3n c\u00f3digo web o HTML a trav\u00e9s de contenido manipulado, relacionado con (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, y (10) action/recoverpass.py." } ], "id": "CVE-2010-2487", "lastModified": "2024-11-21T01:16:45.410", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-08-05T13:22:28.857", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809" }, { "source": "secalert@redhat.com", "url": "http://hg.moinmo.in/moin/1.7/rev/37306fba2189" }, { "source": "secalert@redhat.com", "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES" }, { "source": "secalert@redhat.com", "url": "http://hg.moinmo.in/moin/1.8/rev/4238b0c90871" }, { "source": "secalert@redhat.com", "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES" }, { "source": "secalert@redhat.com", "url": "http://hg.moinmo.in/moin/1.9/rev/68ba3cc79513" }, { "source": "secalert@redhat.com", "url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572" }, { "source": "secalert@redhat.com", "url": 
"http://marc.info/?l=oss-security\u0026m=127799369406968\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security\u0026m=127809682420259\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg" }, { "source": "secalert@redhat.com", "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "source": "secalert@redhat.com", "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40836" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2083" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/40549" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.7/rev/37306fba2189" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.8/rev/4238b0c90871" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.9/rev/68ba3cc79513" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=127799369406968\u0026w=2" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=127809682420259\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40836" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2083" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/40549" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1981" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-11-10 17:59
Modified
2024-11-21 02:57
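Severity: MEDIUM (CVSS v3.0 base score 6.1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)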
Summary
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "47A846CB-52C4-4F84-A85A-4FF92E4F69C7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=AttachFile (via page name) component." }, { "lang": "es", "value": "MoinMoin 1.9.8 permite a atacantes remotos llevar a cabo ataques \"JavaScript injection\" utilizando el enfoque \"page creation\", relacionado con un problema \"Cross Site Scripting (XSS)\" que afecta al componente action=AttachFile (a trav\u00e9s del nombre de p\u00e1gina)." } ], "id": "CVE-2016-7148", "lastModified": "2024-11-21T02:57:35.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2016-11-10T17:59:01.267", "references": [ { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3715" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/94259" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3137-1" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3715" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/94259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-3137-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-01-03 01:55
Modified
2024-11-21 01:45
Severity: MEDIUM (CVSS v2 base score 6.4, AV:N/AC:L/Au:N/C:N/I:P/A:P)
Summary
Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8434905-3540-4ADE-8223-251FFABD31D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "AD68516B-3E72-41F4-8BD1-60A98FC1C9E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "87AF5953-B882-406D-B637-3788E7C70666", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en la funci\u00f3n _do_attachment_move en una acci\u00f3n AttachFile (action/AttachFile.py) en MoinMoin v1.9.3 hasta v1.9.5 permite a atacantes remotos sobreescribir archivos arbitrarios a trav\u00e9s de .. (punto punto) en un nombre de archivo." 
} ], "id": "CVE-2012-6080", "lastModified": "2024-11-21T01:45:46.720", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-01-03T01:55:04.437", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51663" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51676" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51696" }, { "source": "secalert@redhat.com", "url": "http://ubuntu.com/usn/usn-1680-1" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2593" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/12/30/6" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/57076" }, { "source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51696" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ubuntu.com/usn/usn-1680-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2593" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/12/30/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/57076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-02-26 19:30
Modified
2024-11-21 01:12
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "BAA73028-4193-49E9-B017-F1F27075FDDE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors." }, { "lang": "es", "value": "MoinMoin v1.9 anteriores v1.9.1 no realiza de la forma esperada la limpieza del array sys.argv en situaciones donde la variable de entorno GATEWAY_INTERFACE recibe valor, lo que permite a atacantes remotos conseguir informaci\u00f3n sensible a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2010-0667", "lastModified": "2024-11-21T01:12:42.183", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-02-26T19:30:00.463", "references": [ { "source": "cve@mitre.org", "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES" }, { "source": "cve@mitre.org", "url": "http://hg.moinmo.in/moin/1.9/rev/04afdde50094" }, { "source": "cve@mitre.org", "url": "http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security\u0026m=126625972814888\u0026w=2" }, { "source": "cve@mitre.org", "url": 
"http://marc.info/?l=oss-security\u0026m=126676896601156\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38242" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2010/01/21/6" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.9/rev/04afdde50094" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=126625972814888\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=126676896601156\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38242" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/01/21/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-03-30 01:30
Modified
2024-11-21 00:56
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546 | Broken Link, Vendor Advisory | |
cve@mitre.org | http://moinmo.in/SecurityFixes | Release Notes, Vendor Advisory | |
cve@mitre.org | http://osvdb.org/48877 | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546 | Broken Link, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://moinmo.in/SecurityFixes | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/48877 | Broken Link |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "23A64B6E-48D4-4743-97E3-C1EC6C1A2EBE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors." }, { "lang": "es", "value": "El analizador rst (parser/text_rst.py) en MoinMoin v1.6.1 no valida adecuadamente las ACL de la p\u00e1gina web incluida , lo que permite a atacantes leer archivos sin autorizaci\u00f3n a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2008-6548", "lastModified": "2024-11-21T00:56:49.097", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-03-30T01:30:00.500", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://osvdb.org/48877" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Release Notes", "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://osvdb.org/48877" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-862" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-11-10 17:15
Modified
2024-11-21 05:17
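Severity: CRITICAL (CVSS v3.1 base score 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); HIGH under CVSS v2.0 (base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)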
Summary
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://moinmo.in/SecurityFixes | Third Party Advisory | |
cve@mitre.org | https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq | Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2020/dsa-4787 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://moinmo.in/SecurityFixes | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4787 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
moinmo | moinmoin | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F928056-3734-41FC-B6C2-21353CA0C492", "versionEndIncluding": "1.9.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution." }, { "lang": "es", "value": "La acci\u00f3n de la cach\u00e9 en el archivo action/cache.py en MoinMoin versiones hasta 1.9.10, permite el salto de directorio por medio de una petici\u00f3n HTTP dise\u00f1ada. Un atacante que pueda cargar archivos adjuntos a la wiki puede usar esto para lograr una ejecuci\u00f3n de c\u00f3digo remota" } ], "id": "CVE-2020-25074", "lastModified": "2024-11-21T05:17:12.670", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-11-10T17:15:12.907", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4787" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-01-03 01:55
Modified
2024-11-21 01:45
Severity: MEDIUM (CVSS v2.0 base score 6.0, AV:N/AC:M/Au:S/C:P/I:P/A:P)
Summary
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEA7AEF9-AD64-401A-BF0D-7549E6CEF030", "versionEndIncluding": "1.9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3BA7ACF-4304-4E0A-BBEC-233684B17BED", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF3DB6BE-F00B-42A4-A121-60A3D7A65E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C06C7F65-58B4-4B78-8B01-2896A87B2AAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DD692C09-2787-4CBD-80F8-7872B76E72C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1C00A124-C693-41EB-A0A9-87FA2C7D0B01", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9C0513D2-EF88-4C7E-9877-603F99FD7D97", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "E480D12C-BC4E-475D-8C5D-53E7DE900596", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "6B18E3CC-DEA6-42B0-8D08-8F41031B0042", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "3A353553-4720-4457-8FBA-9F2808507492", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "B0ECE1A5-0714-467D-A0DD-19C94359D21C", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "1619929D-C06A-460B-9BD6-815B0FB2E319", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B5C75D53-AAA5-4BC4-A464-D525A7507120", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "D7BF1B63-7FBC-47CD-BE8E-509331B60B8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "010A1332-BD8C-49D9-A742-632571EB3E1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A1A6994-D9C8-4D80-82DC-CCC84891055F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "136BA0A5-98FE-48A8-BD5F-E163ECF351D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "98C74029-698A-4413-9BE6-43AE04E232C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "38629A9E-B8B3-4513-A271-D0F9C9B01940", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "8EC6287C-7EF7-41C7-BA54-CE667DF402A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "F800E619-F48D-47E7-A776-878099C198B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "42BEB861-A3C9-4D92-B042-7CC17E6F0FC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "742D85DB-0E6B-45E2-99A1-7140CDBCEED7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D915ED2B-97BF-427E-9F1F-F5A55DB59527", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "830C376B-8F3A-4695-B0E1-56DFC8E36050", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "DE674DBF-3B8B-4F0C-9D3F-2331A533FA53", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "759E9B75-1B72-4324-940E-C69E6C59E392", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:moinmo:moinmoin:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "853D71B8-E563-4730-9DD5-EFF8CF87B413", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "05461641-A9C4-4006-8442-98520DA23EC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "DF724DF0-8C5F-4F77-88C8-1FB521FD5A06", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "A58BEC46-0FEB-4EE0-B380-0D39FCFE1E7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "7ABF88D5-561A-4CCB-B323-A736953914CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "2DA1B94A-2EDC-43F8-83F1-E10A7890B3C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "6CC202ED-E219-42CE-BC46-F424C714F316", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "92056276-DBDC-432A-905F-D3C8AD231F7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7779A40E-B882-439D-9176-DAF1AD369EDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A4B4F98-2002-448B-A6A8-D9BA8737B723", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8376370-2978-4E95-AB19-07197330AD6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "929867E4-9A4F-4B99-BF61-8BB1DB28962A", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "B51BFA62-E867-4919-9B14-2C480009FC62", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"E0510B94-903C-4B51-97A6-D13D999D87C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "30A445D9-11DD-4DF7-AABD-539F432EC803", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:a:*:*:*:*:*:*", "matchCriteriaId": "D346F561-44A5-412C-8551-7A7F4E537721", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "69A4F9E1-BFE4-4326-8C86-F2E8BE58F45F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5a:*:*:*:*:*:*:*", "matchCriteriaId": "70805F86-C038-4310-BBCE-53E3C0739A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "7D9DF1DB-047A-4FF3-90E4-3C5B12934AD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "08737344-5992-4BB7-9F0D-CCD5E0F19B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "4B2291F8-480B-40D5-AE14-FDC78435CD37", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6CD4382-1412-4D82-9094-57E90B8C9C23", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "8DDC6900-5361-4BAE-9164-D0EAA5170B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "131BDB4E-3C1A-4FA4-84E0-37508559513E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E7BA7A7B-1DDB-427E-A9F1-89EAB2A76956", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "61B4FA65-C2FE-47BF-80D4-5ED09BC961B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "23A64B6E-48D4-4743-97E3-C1EC6C1A2EBE", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:moinmo:moinmoin:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "76F8DDF8-D923-40FE-9D47-F676A04BD908", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "E5BE42E1-8CDC-47B8-AC07-E9415542AD5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "52857288-A7F7-40EA-9A72-01A6B6551FE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2863EC4-FAD5-4456-983F-F3676E887CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3A53F3F1-19B4-4A79-BE8B-544890E19C7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "00911CD0-5F85-421A-8430-40AC85F63019", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1677575-A194-4F04-9ABA-F64EDAAB446F", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "0CABF9F6-83B1-4193-AA89-A8DE14435215", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "AACD410A-08AC-4241-A764-B528A0C9BC44", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "20921AD9-B2A9-417F-B83D-6013CD9F662E", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB78616E-55AB-4C8A-874B-7DCF6E755E52", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "9B42EBD4-6773-4DD3-B93C-703076D2BAD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "2584941F-5FE8-4636-B878-50CC5D4CC258", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D06004B5-966B-48F5-87B4-7005DBC86D63", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C2C741A-220A-454C-8D21-6459DB2D67E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "FB916ACA-0E61-4C6B-84BE-8BD27AE766AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "DCDE917F-0AFB-431C-A0B2-CCC86946E7FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF7C0C0F-A970-4CB9-BC6D-131253CB8749", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "37002B23-E8E4-43AB-A6D7-BC747BE1A8D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "1A43AEE5-6540-4264-A956-391D8CC1212D", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "BAA73028-4193-49E9-B017-F1F27075FDDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B6FF2CB-A7F2-4E74-8B95-0C7BA3DE47AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B7C3A9E-1655-436F-94FF-390D44926A28", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8434905-3540-4ADE-8223-251FFABD31D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "AD68516B-3E72-41F4-8BD1-60A98FC1C9E3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an 
executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012." }, { "lang": "es", "value": "M\u00faltiples subidas de fichero sin restricci\u00f3n en las acciones (1) twikidraw (action/twikidraw.py) y (2) anywikidraw (action/anywikidraw.py) en MoinMoin antes de v1.9.6 permiten a usuarios remotos autenticados con permisos de escritura ejecutar c\u00f3digo arbitrario mediante la carga de un archivo con una extensi\u00f3n ejecutable, y acceder a \u00e9l a trav\u00e9s de una solicitud dirigida directamente al archivo en un directorio no especificado, como se explot\u00f3 en julio de 2012." } ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/434.html \u0027CWE-434: Unrestricted Upload of File with Dangerous Type\u0027\r\n\r\n", "id": "CVE-2012-6081", "lastModified": "2024-11-21T01:45:46.843", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-01-03T01:55:04.483", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f" }, { "source": "secalert@redhat.com", "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51663" }, { "source": 
"secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51676" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51696" }, { "source": "secalert@redhat.com", "url": "http://ubuntu.com/usn/usn-1680-1" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2593" }, { "source": "secalert@redhat.com", "url": "http://www.exploit-db.com/exploits/25304" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/12/29/6" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/12/30/4" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/57082" }, { "source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51696" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ubuntu.com/usn/usn-1680-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2593" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/25304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/12/30/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/57082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-04-05 15:30
Modified
2024-11-21 01:13
Severity: MEDIUM (CVSS v2.0 base score 5.0, AV:N/AC:L/Au:N/C:N/I:P/A:N)
Summary
MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "20921AD9-B2A9-417F-B83D-6013CD9F662E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values." }, { "lang": "es", "value": "MoinMoin v1.7.1, permite a atacantes remotos evitar el mecanismo de protecci\u00f3n textcha modificando los campos textcha-question y textcha-answer con valores vac\u00edos." } ], "id": "CVE-2010-1238", "lastModified": "2024-11-21T01:13:57.060", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-04-05T15:30:01.267", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/39284" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-2024" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-925-1" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/0831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39284" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.ubuntu.com/usn/USN-925-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0831" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-03 18:30
Modified
2024-11-21 00:56
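Severity: MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P; NVD primary assessment, taken from the record below)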
Summary
MoinMoin 1.6.2 and 1.7 do not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "76F8DDF8-D923-40FE-9D47-F676A04BD908", "vulnerable": true }, { "criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2863EC4-FAD5-4456-983F-F3676E887CF7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937." }, { "lang": "es", "value": "MoinMoin v1.6.2 y v1.7 no maneja adecuadamente los puntos de cumplimiento de la ACL cuando acl_hierarchic esta fijado como Verdadero, lo que permitir\u00eda a atacantes remotos evitar las restricciones de acceso previstas, una vulnerabilidad diferente que CVE-2008-1937." } ], "id": "CVE-2008-6603", "lastModified": "2024-11-21T00:56:58.157", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-03T18:30:00.593", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://hg.moinmo.in/moin/1.7/rev/88356b3f849a" }, { "source": "cve@mitre.org", "url": 
"http://moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/48875" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34655" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/1307" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41911" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://hg.moinmo.in/moin/1.7/rev/88356b3f849a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://moinmo.in/SecurityFixes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/48875" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34655" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2008/1307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41911" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2010-2970
Vulnerability from cvelistv5
Published
2010-08-04 21:00
Modified
2024-09-17 00:16
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.
References
▼ | URL | Tags |
---|---|---|
http://www.vupen.com/english/advisories/2010/1981 | vdb-entry, x_refsource_VUPEN | |
http://moinmo.in/MoinMoinRelease1.9 | x_refsource_CONFIRM | |
http://moinmo.in/SecurityFixes | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/40549 | vdb-entry, x_refsource_BID | |
http://hg.moinmo.in/moin/1.9/rev/4fe9951788cb | x_refsource_CONFIRM | |
http://www.debian.org/security/2010/dsa-2083 | vendor-advisory, x_refsource_DEBIAN | |
http://hg.moinmo.in/moin/1.9/rev/e50b087c4572 | x_refsource_CONFIRM | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809 | x_refsource_CONFIRM | |
http://marc.info/?l=oss-security&m=127799369406968&w=2 | mailing-list, x_refsource_MLIST | |
http://marc.info/?l=oss-security&m=127809682420259&w=2 | mailing-list, x_refsource_MLIST | |
http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES | x_refsource_CONFIRM | |
http://secunia.com/advisories/40836 | third-party-advisory, x_refsource_SECUNIA | |
http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:55:45.501Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2010-1981", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1981" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "40549", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/40549" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.9/rev/4fe9951788cb" }, { "name": "DSA-2083", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2083" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809" }, { "name": "[oss-security] 20100701 CVE request: moin multiple XSS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=127799369406968\u0026w=2" }, { "name": "[oss-security] 20100702 Re: CVE request: moin multiple XSS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=127809682420259\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES" }, { "name": "40836", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40836" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg" } ], "title": "CVE 
Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-08-04T21:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2010-1981", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1981" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "40549", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/40549" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.9/rev/4fe9951788cb" }, { "name": "DSA-2083", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2083" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809" }, { "name": "[oss-security] 20100701 CVE request: moin multiple XSS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=127799369406968\u0026w=2" }, { "name": "[oss-security] 20100702 Re: CVE request: moin multiple XSS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=127809682420259\u0026w=2" }, { "tags": [ 
"x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES" }, { "name": "40836", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40836" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2970", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2010-1981", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1981" }, { "name": "http://moinmo.in/MoinMoinRelease1.9", "refsource": "CONFIRM", "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "name": "http://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "http://moinmo.in/SecurityFixes" }, { "name": "40549", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40549" }, { "name": "http://hg.moinmo.in/moin/1.9/rev/4fe9951788cb", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.9/rev/4fe9951788cb" }, { "name": "DSA-2083", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2083" }, { "name": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809" }, { "name": "[oss-security] 20100701 CVE request: moin multiple XSS", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=127799369406968\u0026w=2" }, { "name": "[oss-security] 20100702 Re: CVE request: moin multiple XSS", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=127809682420259\u0026w=2" }, { "name": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES" }, { "name": "40836", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40836" }, { "name": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg", "refsource": "CONFIRM", "url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": 
"mitre", "cveId": "CVE-2010-2970", "datePublished": "2010-08-04T21:00:00Z", "dateReserved": "2010-08-04T00:00:00Z", "dateUpdated": "2024-09-17T00:16:31.838Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4762
Vulnerability from cvelistv5
Published
2010-03-29 20:00
Modified
2024-08-07 07:17
Severity ?
EPSS score ?
Summary
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
References
▼ | URL | Tags |
---|---|---|
http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2 | x_refsource_CONFIRM | |
http://moinmo.in/SecurityFixes | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2010/1208 | vdb-entry, x_refsource_VUPEN | |
http://www.debian.org/security/2010/dsa-2014 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/39887 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/35277 | vdb-entry, x_refsource_BID | |
http://ubuntu.com/usn/usn-941-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.vupen.com/english/advisories/2010/0600 | vdb-entry, x_refsource_VUPEN | |
http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:17:24.915Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "ADV-2010-1208", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1208" }, { "name": "DSA-2014", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2014" }, { "name": "39887", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39887" }, { "name": "35277", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35277" }, { "name": "USN-941-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-941-1" }, { "name": "ADV-2010-0600", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0600" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-06-09T00:00:00", "descriptions": [ { "lang": "en", "value": "MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-04-30T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "ADV-2010-1208", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1208" }, { "name": "DSA-2014", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2014" }, { "name": "39887", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39887" }, { "name": "35277", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35277" }, { "name": "USN-941-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-941-1" }, { "name": "ADV-2010-0600", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0600" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4762", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different 
vulnerability than CVE-2008-6603." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2" }, { "name": "http://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "http://moinmo.in/SecurityFixes" }, { "name": "ADV-2010-1208", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1208" }, { "name": "DSA-2014", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2014" }, { "name": "39887", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39887" }, { "name": "35277", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35277" }, { "name": "USN-941-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-941-1" }, { "name": "ADV-2010-0600", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0600" }, { "name": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4762", "datePublished": "2010-03-29T20:00:00", "dateReserved": "2010-03-29T00:00:00", "dateUpdated": "2024-08-07T07:17:24.915Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0667
Vulnerability from cvelistv5
Published
2010-02-26 19:00
Modified
2024-09-17 03:07
Severity ?
EPSS score ?
Summary
MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2010/02/15/2 | mailing-list, x_refsource_MLIST | |
http://moinmo.in/SecurityFixes | x_refsource_CONFIRM | |
http://hg.moinmo.in/moin/1.9/rev/04afdde50094 | x_refsource_CONFIRM | |
http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18 | x_refsource_CONFIRM | |
http://marc.info/?l=oss-security&m=126676896601156&w=2 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2010/01/21/6 | mailing-list, x_refsource_MLIST | |
http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2 | x_refsource_CONFIRM | |
http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES | x_refsource_CONFIRM | |
http://marc.info/?l=oss-security&m=126625972814888&w=2 | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/38242 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:59:38.313Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20100215 CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/SecurityFixes" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.9/rev/04afdde50094" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18" }, { "name": "[oss-security] 20100221 Re: CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=126676896601156\u0026w=2" }, { "name": "[oss-security] 20100121 CVE request: MoinMoin information disclosure", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/01/21/6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES" }, { "name": "[oss-security] 20100215 Re: CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=126625972814888\u0026w=2" }, { "name": "38242", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38242" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "MoinMoin 1.9 before 1.9.1 does not perform the 
expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-02-26T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20100215 CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/SecurityFixes" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.9/rev/04afdde50094" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18" }, { "name": "[oss-security] 20100221 Re: CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=126676896601156\u0026w=2" }, { "name": "[oss-security] 20100121 CVE request: MoinMoin information disclosure", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/01/21/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES" }, { "name": "[oss-security] 20100215 Re: CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=126625972814888\u0026w=2" }, { "name": "38242", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38242" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0667", "STATE": "PUBLIC" }, "affects": { "vendor": { 
"vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20100215 CVE Request -- MoinMoin -- 1.8.7", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2" }, { "name": "http://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "http://moinmo.in/SecurityFixes" }, { "name": "http://hg.moinmo.in/moin/1.9/rev/04afdde50094", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.9/rev/04afdde50094" }, { "name": "http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18", "refsource": "CONFIRM", "url": "http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18" }, { "name": "[oss-security] 20100221 Re: CVE Request -- MoinMoin -- 1.8.7", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=126676896601156\u0026w=2" }, { "name": "[oss-security] 20100121 CVE request: MoinMoin information disclosure", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/01/21/6" }, { "name": "http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2" }, { "name": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES" }, { "name": "[oss-security] 20100215 Re: CVE Request -- MoinMoin -- 1.8.7", 
"refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=126625972814888\u0026w=2" }, { "name": "38242", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38242" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0667", "datePublished": "2010-02-26T19:00:00Z", "dateReserved": "2010-02-21T00:00:00Z", "dateUpdated": "2024-09-17T03:07:34.891Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0717
Vulnerability from cvelistv5
Published
2010-02-26 19:00
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/56595 | vdb-entry, x_refsource_XF | |
http://www.openwall.com/lists/oss-security/2010/02/15/2 | mailing-list, x_refsource_MLIST | |
http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES | x_refsource_CONFIRM | |
http://moinmo.in/MoinMoinRelease1.8 | x_refsource_CONFIRM | |
http://www.debian.org/security/2010/dsa-2014 | vendor-advisory, x_refsource_DEBIAN | |
http://secunia.com/advisories/38903 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2010/0600 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:59:38.549Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "moinmoin-cfgpackagepages-unspecified(56595)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56595" }, { "name": "[oss-security] 20100215 CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "name": "DSA-2014", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2014" }, { "name": "38903", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38903" }, { "name": "ADV-2010-0600", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0600" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "moinmoin-cfgpackagepages-unspecified(56595)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56595" }, { "name": "[oss-security] 20100215 CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "name": "DSA-2014", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2014" }, { "name": "38903", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38903" }, { "name": "ADV-2010-0600", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0600" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0717", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "moinmoin-cfgpackagepages-unspecified(56595)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56595" }, { "name": "[oss-security] 20100215 CVE Request -- MoinMoin -- 1.8.7", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2" }, { "name": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES" }, { "name": "http://moinmo.in/MoinMoinRelease1.8", "refsource": "CONFIRM", "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "name": "DSA-2014", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2014" }, { "name": "38903", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38903" }, { "name": "ADV-2010-0600", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0600" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0717", "datePublished": "2010-02-26T19:00:00", "dateReserved": "2010-02-26T00:00:00", "dateUpdated": "2024-08-07T00:59:38.549Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-4404
Vulnerability from cvelistv5
Published
2012-09-10 22:00
Modified
2024-08-06 20:35
Severity ?
EPSS score ?
Summary
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.
References
URL | Tags | |
---|---|---|
http://www.ubuntu.com/usn/USN-1604-1 | vendor-advisory, x_refsource_UBUNTU | |
http://secunia.com/advisories/50496 | third-party-advisory, x_refsource_SECUNIA | |
http://moinmo.in/SecurityFixes | x_refsource_CONFIRM | |
http://www.debian.org/security/2012/dsa-2538 | vendor-advisory, x_refsource_DEBIAN | |
http://www.openwall.com/lists/oss-security/2012/09/04/4 | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/50885 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/50474 | third-party-advisory, x_refsource_SECUNIA | |
http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/09/05/2 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:35:09.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-1604-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1604-1" }, { "name": "50496", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50496" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "DSA-2538", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2538" }, { "name": "[oss-security] 20120904 CVE request: moinmoin incorrect ACL evaluation for virtual groups", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/09/04/4" }, { "name": "50885", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50885" }, { "name": "50474", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50474" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16" }, { "name": "[oss-security] 20120904 Re: CVE request: moinmoin incorrect ACL evaluation for virtual groups", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/09/05/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-09-03T00:00:00", "descriptions": [ { "lang": "en", "value": "security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as \"All,\" \"Known,\" or \"Trusted,\" 
which allows remote authenticated users with virtual group membership to be treated as a member of the group." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-10-30T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-1604-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1604-1" }, { "name": "50496", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50496" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "DSA-2538", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2538" }, { "name": "[oss-security] 20120904 CVE request: moinmoin incorrect ACL evaluation for virtual groups", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/09/04/4" }, { "name": "50885", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50885" }, { "name": "50474", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50474" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16" }, { "name": "[oss-security] 20120904 Re: CVE request: moinmoin incorrect ACL evaluation for virtual groups", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/09/05/2" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-4404", "datePublished": "2012-09-10T22:00:00", "dateReserved": "2012-08-21T00:00:00", "dateUpdated": "2024-08-06T20:35:09.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-15275
Vulnerability from cvelistv5
Published
2020-11-11 15:45
Modified
2024-08-04 13:15
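Severity: 8.7 HIGH (CVSS 3.1 base score from the CNA record, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)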
EPSS score ?
Summary
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.
References
URL | Tags | |
---|---|---|
https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43 | x_refsource_CONFIRM | |
https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11 | x_refsource_MISC | |
https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2 | x_refsource_MISC | |
https://advisory.checkmarx.net/advisory/CX-2020-4285 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:15:19.004Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://advisory.checkmarx.net/advisory/CX-2020-4285" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "moin-1.9", "vendor": "moinwiki", "versions": [ { "status": "affected", "version": "\u003c 1.9.11" } ] } ], "descriptions": [ { "lang": "en", "value": "MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user\u0027s browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-30T21:15:23", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://advisory.checkmarx.net/advisory/CX-2020-4285" } ], "source": { "advisory": "GHSA-4q96-6xhq-ff43", "discovery": "UNKNOWN" }, "title": "malicious SVG attachment causing stored XSS vulnerability in MoinMoin", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15275", "STATE": "PUBLIC", "TITLE": "malicious SVG attachment causing stored XSS vulnerability in MoinMoin" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "moin-1.9", "version": { "version_data": [ { "version_value": "\u003c 1.9.11" } ] } } ] }, "vendor_name": "moinwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "MoinMoin is a wiki engine. 
In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user\u0027s browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43", "refsource": "CONFIRM", "url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43" }, { "name": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11", "refsource": "MISC", "url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11" }, { "name": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2", "refsource": "MISC", "url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2" }, { "name": "https://advisory.checkmarx.net/advisory/CX-2020-4285", "refsource": "MISC", "url": "https://advisory.checkmarx.net/advisory/CX-2020-4285" } ] }, "source": { "advisory": "GHSA-4q96-6xhq-ff43", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15275", "datePublished": "2020-11-11T15:45:15", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": 
"2024-08-04T13:15:19.004Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6080
Vulnerability from cvelistv5
Published
2013-01-03 01:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/57076 | vdb-entry, x_refsource_BID | |
http://moinmo.in/SecurityFixes | x_refsource_CONFIRM | |
http://secunia.com/advisories/51663 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2012/dsa-2593 | vendor-advisory, x_refsource_DEBIAN | |
https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599 | x_refsource_MISC | |
http://secunia.com/advisories/51676 | third-party-advisory, x_refsource_SECUNIA | |
http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52 | x_refsource_CONFIRM | |
http://secunia.com/advisories/51696 | third-party-advisory, x_refsource_SECUNIA | |
http://ubuntu.com/usn/usn-1680-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.openwall.com/lists/oss-security/2012/12/30/6 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:21:28.359Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "57076", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/57076" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "51663", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51663" }, { "name": "DSA-2593", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2593" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" }, { "name": "51676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51676" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52" }, { "name": "51696", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51696" }, { "name": "USN-1680-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-1680-1" }, { "name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (path traversal vulnerability)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/30/6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary 
files via a .. (dot dot) in a file name." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-01-03T01:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "57076", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/57076" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "51663", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51663" }, { "name": "DSA-2593", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2593" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" }, { "name": "51676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51676" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52" }, { "name": "51696", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51696" }, { "name": "USN-1680-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-1680-1" }, { "name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (path traversal vulnerability)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/30/6" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6080", "datePublished": "2013-01-03T01:00:00Z", "dateReserved": "2012-12-06T00:00:00Z", "dateUpdated": "2024-08-06T21:21:28.359Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-25074
Vulnerability from cvelistv5
Published
2020-11-10 16:48
Modified
2024-08-04 15:26
Severity ?
EPSS score ?
Summary
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.
References
URL | Tags | |
---|---|---|
http://moinmo.in/SecurityFixes | x_refsource_MISC | |
https://www.debian.org/security/2020/dsa-4787 | vendor-advisory, x_refsource_DEBIAN | |
https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:26:09.287Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "DSA-4787", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4787" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq" }, { "name": "[debian-lts-announce] 20201110 [SECURITY] [DLA 2446-1] moin security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-11T00:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "DSA-4787", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4787" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq" }, { "name": "[debian-lts-announce] 20201110 [SECURITY] [DLA 2446-1] moin security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-25074", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://moinmo.in/SecurityFixes", "refsource": "MISC", "url": "http://moinmo.in/SecurityFixes" }, { "name": "DSA-4787", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4787" }, { "name": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq", "refsource": "MISC", "url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq" }, { "name": "[debian-lts-announce] 20201110 [SECURITY] [DLA 2446-1] moin security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-25074", "datePublished": "2020-11-10T16:48:21", "dateReserved": "2020-09-02T00:00:00", "dateUpdated": "2024-08-04T15:26:09.287Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-9119
Vulnerability from cvelistv5
Published
2017-01-30 22:00
Modified
2024-08-06 02:42
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
URL | Tags | |
---|---|---|
https://moinmo.in/SecurityFixes | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/94501 | vdb-entry, x_refsource_BID | |
http://www.ubuntu.com/usn/USN-3137-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.debian.org/security/2016/dsa-3715 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:42:10.472Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://moinmo.in/SecurityFixes" }, { "name": "94501", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94501" }, { "name": "USN-3137-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3137-1" }, { "name": "DSA-3715", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3715" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-11-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-31T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://moinmo.in/SecurityFixes" }, { "name": "94501", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94501" }, { "name": "USN-3137-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3137-1" }, { "name": "DSA-3715", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3715" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9119", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "https://moinmo.in/SecurityFixes" }, { "name": "94501", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94501" }, { "name": "USN-3137-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3137-1" }, { "name": "DSA-3715", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3715" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9119", "datePublished": "2017-01-30T22:00:00", "dateReserved": "2016-10-30T00:00:00", "dateUpdated": "2024-08-06T02:42:10.472Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5934
Vulnerability from cvelistv5
Published
2018-10-15 19:00
Modified
2024-08-05 15:18
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
URL | Tags | |
---|---|---|
https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024 | x_refsource_CONFIRM | |
https://www.debian.org/security/2018/dsa-4318 | vendor-advisory, x_refsource_DEBIAN | |
http://moinmo.in/SecurityFixes | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/3794-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:18:48.414Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024" }, { "name": "DSA-4318", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4318" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "[debian-lts-announce] 20181015 [SECURITY] [DLA 1546-1] moin security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html" }, { "name": "USN-3794-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3794-1/" }, { "name": "openSUSE-SU-2018:3105", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-09-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024" }, { "name": "DSA-4318", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4318" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "[debian-lts-announce] 20181015 [SECURITY] [DLA 1546-1] moin security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html" }, { "name": "USN-3794-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3794-1/" }, { "name": "openSUSE-SU-2018:3105", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-5934", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024", "refsource": "CONFIRM", "url": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024" }, { "name": "DSA-4318", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4318" }, { "name": "http://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "http://moinmo.in/SecurityFixes" }, { "name": "[debian-lts-announce] 20181015 [SECURITY] [DLA 1546-1] moin security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html" }, { "name": "USN-3794-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3794-1/" }, { "name": "openSUSE-SU-2018:3105", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-5934", "datePublished": "2018-10-15T19:00:00", "dateReserved": "2017-02-08T00:00:00", "dateUpdated": "2024-08-05T15:18:48.414Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0828
Vulnerability from cvelistv5
Published
2010-04-05 15:15
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:59:39.332Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "39267", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39267" }, { "name": "ADV-2010-0767", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0767" }, { "name": "39110", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/39110" }, { "name": "moinmoin-despam-xss(57435)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57435" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578801" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/538022" }, { "name": "FEDORA-2010-6134", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038574.html" }, { "name": "DSA-2024", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2024" }, { "name": "ADV-2010-0834", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0834" }, { "name": "39284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39284" }, { "name": "FEDORA-2010-6012", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038490.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995" }, { "name": "39190", "tags": 
[ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39190" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca" }, { "name": "39188", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39188" }, { "name": "ADV-2010-0831", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0831" }, { "name": "USN-925-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-925-1" }, { "name": "FEDORA-2010-6180", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038706.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-03-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "name": "39267", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39267" }, { "name": "ADV-2010-0767", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0767" }, { "name": "39110", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/39110" }, { "name": "moinmoin-despam-xss(57435)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57435" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578801" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/538022" }, { "name": "FEDORA-2010-6134", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038574.html" }, { "name": "DSA-2024", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2024" }, { "name": "ADV-2010-0834", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0834" }, { "name": "39284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39284" }, { "name": "FEDORA-2010-6012", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038490.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995" }, { "name": "39190", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39190" }, { "tags": [ 
"x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca" }, { "name": "39188", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39188" }, { "name": "ADV-2010-0831", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0831" }, { "name": "USN-925-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-925-1" }, { "name": "FEDORA-2010-6180", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038706.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "ID": "CVE-2010-0828", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "39267", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39267" }, { "name": "ADV-2010-0767", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0767" }, { "name": "39110", "refsource": "BID", "url": "http://www.securityfocus.com/bid/39110" }, { "name": "moinmoin-despam-xss(57435)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57435" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=578801", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=578801" }, { "name": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/538022", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/538022" }, { "name": "FEDORA-2010-6134", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038574.html" }, { "name": "DSA-2024", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2024" }, { "name": "ADV-2010-0834", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0834" }, { "name": "39284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39284" }, { "name": "FEDORA-2010-6012", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038490.html" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575995" }, { "name": "39190", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39190" }, { "name": "http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca" }, { "name": "39188", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39188" }, { "name": "ADV-2010-0831", 
"refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0831" }, { "name": "USN-925-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-925-1" }, { "name": "FEDORA-2010-6180", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038706.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2010-0828", "datePublished": "2010-04-05T15:15:00", "dateReserved": "2010-03-03T00:00:00", "dateUpdated": "2024-08-07T00:59:39.332Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7146
Vulnerability from cvelistv5
Published
2016-11-10 17:00
Modified
2024-08-06 01:50
Summary
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component.
References
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-3137-1 | vendor-advisory, x_refsource_UBUNTU |
| http://www.securityfocus.com/bid/94259 | vdb-entry, x_refsource_BID |
| http://www.debian.org/security/2016/dsa-3715 | vendor-advisory, x_refsource_DEBIAN |
| https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:50:47.581Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3137-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3137-1" }, { "name": "94259", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94259" }, { "name": "DSA-3715", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3715" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-11-10T00:00:00", "descriptions": [ { "lang": "en", "value": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation or crafted URL\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=fckdialog\u0026dialog=attachment (via page name) component." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-30T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3137-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3137-1" }, { "name": "94259", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94259" }, { "name": "DSA-3715", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3715" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7146", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation or crafted URL\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=fckdialog\u0026dialog=attachment (via page name) component." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3137-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3137-1" }, { "name": "94259", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94259" }, { "name": "DSA-3715", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3715" }, { "name": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html", "refsource": "MISC", "url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7146", "datePublished": "2016-11-10T17:00:00", "dateReserved": "2016-09-05T00:00:00", "dateUpdated": "2024-08-06T01:50:47.581Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2969
Vulnerability from cvelistv5
Published
2010-08-04 21:00
Modified
2024-09-16 20:38
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487.
References
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2010/1981 | vdb-entry, x_refsource_VUPEN |
| http://moinmo.in/MoinMoinRelease1.9 | x_refsource_CONFIRM |
| http://moinmo.in/SecurityFixes | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/40549 | vdb-entry, x_refsource_BID |
| http://www.debian.org/security/2010/dsa-2083 | vendor-advisory, x_refsource_DEBIAN |
| http://hg.moinmo.in/moin/1.9/rev/e50b087c4572 | x_refsource_CONFIRM |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809 | x_refsource_CONFIRM |
| http://marc.info/?l=oss-security&m=127799369406968&w=2 | mailing-list, x_refsource_MLIST |
| http://marc.info/?l=oss-security&m=127809682420259&w=2 | mailing-list, x_refsource_MLIST |
| http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES | x_refsource_CONFIRM |
| http://hg.moinmo.in/moin/1.7/rev/37306fba2189 | x_refsource_CONFIRM |
| http://secunia.com/advisories/40836 | third-party-advisory, x_refsource_SECUNIA |
| http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:55:46.399Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2010-1981", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1981" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "40549", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/40549" }, { "name": "DSA-2083", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2083" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809" }, { "name": "[oss-security] 20100701 CVE request: moin multiple XSS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=127799369406968\u0026w=2" }, { "name": "[oss-security] 20100702 Re: CVE request: moin multiple XSS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=127809682420259\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.7/rev/37306fba2189" }, { "name": "40836", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40836" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg" } ], "title": "CVE 
Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-08-04T21:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2010-1981", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1981" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "40549", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/40549" }, { "name": "DSA-2083", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2083" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809" }, { "name": "[oss-security] 20100701 CVE request: moin multiple XSS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=127799369406968\u0026w=2" }, { "name": "[oss-security] 20100702 Re: CVE request: moin multiple XSS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=127809682420259\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.7/rev/37306fba2189" }, { "name": "40836", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40836" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2969", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2010-1981", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1981" }, { "name": "http://moinmo.in/MoinMoinRelease1.9", "refsource": "CONFIRM", "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "name": "http://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "http://moinmo.in/SecurityFixes" }, { "name": "40549", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40549" }, { "name": "DSA-2083", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2083" }, { "name": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809" }, { "name": "[oss-security] 20100701 CVE request: moin multiple XSS", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=127799369406968\u0026w=2" }, { "name": "[oss-security] 20100702 Re: CVE request: moin multiple XSS", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=127809682420259\u0026w=2" }, { "name": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES" }, { "name": "http://hg.moinmo.in/moin/1.7/rev/37306fba2189", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.7/rev/37306fba2189" }, { "name": "40836", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40836" }, { "name": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg", "refsource": "CONFIRM", "url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": 
"mitre", "cveId": "CVE-2010-2969", "datePublished": "2010-08-04T21:00:00Z", "dateReserved": "2010-08-04T00:00:00Z", "dateUpdated": "2024-09-16T20:38:11.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-6548
Vulnerability from cvelistv5
Published
2009-03-30 01:00
Modified
2024-09-16 19:14
Summary
The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.
References
| URL | Tags |
|---|---|
| http://osvdb.org/48877 | vdb-entry, x_refsource_OSVDB |
| http://moinmo.in/SecurityFixes | x_refsource_CONFIRM |
| http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:34:47.000Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48877", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/48877" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/SecurityFixes" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-03-30T01:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "48877", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/48877" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/SecurityFixes" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6548", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read 
unauthorized include files via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "48877", "refsource": "OSVDB", "url": "http://osvdb.org/48877" }, { "name": "http://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "http://moinmo.in/SecurityFixes" }, { "name": "http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6548", "datePublished": "2009-03-30T01:00:00Z", "dateReserved": "2009-03-29T00:00:00Z", "dateUpdated": "2024-09-16T19:14:37.149Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6082
Vulnerability from cvelistv5
Published
2013-01-03 01:00
Modified
2024-08-06 21:21
Summary
Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.
References
| URL | Tags |
|---|---|
| http://moinmo.in/SecurityFixes | x_refsource_CONFIRM |
| http://secunia.com/advisories/51663 | third-party-advisory, x_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2012/12/30/5 | mailing-list, x_refsource_MLIST |
| http://hg.moinmo.in/moin/1.9/rev/c98ec456e493 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/57089 | vdb-entry, x_refsource_BID |
| http://www.openwall.com/lists/oss-security/2012/12/29/7 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:21:28.505Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "51663", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51663" }, { "name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (XSS in rss link)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/30/5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.9/rev/c98ec456e493" }, { "name": "57089", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/57089" }, { "name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (XSS in rss link)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/29/7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-01-03T01:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "51663", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51663" }, { "name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (XSS in rss link)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/30/5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.9/rev/c98ec456e493" }, { "name": "57089", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/57089" }, { "name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (XSS in rss link)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/29/7" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6082", "datePublished": "2013-01-03T01:00:00Z", "dateReserved": "2012-12-06T00:00:00Z", "dateUpdated": "2024-08-06T21:21:28.505Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2487
Vulnerability from cvelistv5
Published
2010-08-04 21:00
Modified
2024-08-07 02:32
Summary
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:32:16.844Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.8/rev/4238b0c90871" }, { "name": "ADV-2010-1981", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1981" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "40549", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/40549" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.9/rev/68ba3cc79513" }, { "name": "DSA-2083", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2083" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809" }, { "name": "[oss-security] 20100701 CVE request: moin multiple XSS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=127799369406968\u0026w=2" }, { "name": "[oss-security] 20100702 Re: CVE request: moin multiple XSS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=127809682420259\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.7/rev/37306fba2189" }, { "name": "40836", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40836" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-08-04T21:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.8/rev/4238b0c90871" }, { "name": "ADV-2010-1981", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1981" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "40549", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/40549" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.9/rev/68ba3cc79513" }, { "name": "DSA-2083", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2083" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.9/rev/e50b087c4572" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584809" }, { "name": "[oss-security] 20100701 CVE request: moin multiple XSS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=127799369406968\u0026w=2" }, { "name": "[oss-security] 20100702 Re: CVE request: moin multiple XSS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=127809682420259\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.8/docs/CHANGES" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.7/rev/37306fba2189" }, { "name": "40836", 
"tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40836" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2487", "datePublished": "2010-08-04T21:00:00Z", "dateReserved": "2010-06-28T00:00:00Z", "dateUpdated": "2024-08-07T02:32:16.844Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1482
Vulnerability from cvelistv5
Published
2009-04-29 18:06
Modified
2024-08-07 05:13
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/50356 | vdb-entry, x_refsource_XF |
| http://moinmo.in/SecurityFixes | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2009/1119 | vdb-entry, x_refsource_VUPEN |
| http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/34631 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/35024 | third-party-advisory, x_refsource_SECUNIA |
| http://secunia.com/advisories/34945 | third-party-advisory, x_refsource_SECUNIA |
| http://www.debian.org/security/2009/dsa-1791 | vendor-advisory, x_refsource_DEBIAN |
| http://secunia.com/advisories/34821 | third-party-advisory, x_refsource_SECUNIA |
| http://www.ubuntu.com/usn/USN-774-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:13:25.514Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "moinmoin-errormsg-xss(50356)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "ADV-2009-1119", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1119" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1" }, { "name": "34631", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34631" }, { "name": "35024", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35024" }, { "name": "34945", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34945" }, { "name": "DSA-1791", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1791" }, { "name": "34821", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34821" }, { "name": "USN-774-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-774-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile 
sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "moinmoin-errormsg-xss(50356)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "ADV-2009-1119", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1119" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1" }, { "name": "34631", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34631" }, { "name": "35024", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35024" }, { "name": "34945", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34945" }, { "name": "DSA-1791", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1791" }, { "name": "34821", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34821" }, { "name": "USN-774-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-774-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1482", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "moinmoin-errormsg-xss(50356)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50356" }, { "name": "http://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "http://moinmo.in/SecurityFixes" }, { "name": "ADV-2009-1119", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1119" }, { "name": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1" }, { "name": "34631", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34631" }, { "name": "35024", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35024" }, { "name": "34945", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34945" }, { "name": "DSA-1791", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1791" }, { "name": "34821", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34821" }, { "name": "USN-774-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-774-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1482", "datePublished": "2009-04-29T18:06:00", "dateReserved": "2009-04-29T00:00:00", "dateUpdated": "2024-08-07T05:13:25.514Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1238
Vulnerability from cvelistv5
Published
2010-04-05 15:15
Modified
2024-08-07 01:14
Severity ?
EPSS score ?
Summary
MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values.
References
| URL | Tags |
|---|---|
| http://www.debian.org/security/2010/dsa-2024 | vendor-advisory, x_refsource_DEBIAN |
| http://secunia.com/advisories/39284 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2010/0831 | vdb-entry, x_refsource_VUPEN |
| http://www.ubuntu.com/usn/USN-925-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:14:06.680Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2024", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2024" }, { "name": "39284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39284" }, { "name": "ADV-2010-0831", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0831" }, { "name": "USN-925-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-925-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-03-31T00:00:00", "descriptions": [ { "lang": "en", "value": "MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-04-28T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-2024", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2024" }, { "name": "39284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39284" }, { "name": "ADV-2010-0831", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0831" }, { "name": "USN-925-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-925-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1238", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2024", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2024" }, { "name": "39284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39284" }, { "name": "ADV-2010-0831", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0831" }, { "name": "USN-925-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-925-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1238", "datePublished": "2010-04-05T15:15:00", "dateReserved": "2010-04-05T00:00:00", "dateUpdated": "2024-08-07T01:14:06.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6081
Vulnerability from cvelistv5
Published
2013-01-03 01:00
Modified
2024-08-06 21:21
Severity ?
EPSS score ?
Summary
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.
References
| URL | Tags |
|---|---|
| http://moinmo.in/MoinMoinRelease1.9 | x_refsource_CONFIRM |
| http://moinmo.in/SecurityFixes | x_refsource_CONFIRM |
| http://secunia.com/advisories/51663 | third-party-advisory, x_refsource_SECUNIA |
| http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f | x_refsource_CONFIRM |
| http://www.debian.org/security/2012/dsa-2593 | vendor-advisory, x_refsource_DEBIAN |
| https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599 | x_refsource_MISC |
| http://www.securityfocus.com/bid/57082 | vdb-entry, x_refsource_BID |
| http://www.openwall.com/lists/oss-security/2012/12/29/6 | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/51676 | third-party-advisory, x_refsource_SECUNIA |
| http://www.openwall.com/lists/oss-security/2012/12/30/4 | mailing-list, x_refsource_MLIST |
| http://secunia.com/advisories/51696 | third-party-advisory, x_refsource_SECUNIA |
| http://www.exploit-db.com/exploits/25304 | exploit, x_refsource_EXPLOIT-DB |
| http://ubuntu.com/usn/usn-1680-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:21:28.522Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "51663", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51663" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f" }, { "name": "DSA-2593", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2593" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" }, { "name": "57082", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/57082" }, { "name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/29/6" }, { "name": "51676", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51676" }, { "name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/30/4" }, { "name": "51696", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51696" }, { "name": "25304", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/25304" }, { "name": "USN-1680-1", "tags": [ "vendor-advisory", 
"x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-1680-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-12-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-12-10T15:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "51663", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51663" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f" }, { "name": "DSA-2593", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2593" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" }, { "name": "57082", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/57082" }, { "name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/29/6" }, { "name": "51676", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51676" }, { "name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/30/4" }, { "name": "51696", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51696" }, { "name": "25304", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/25304" }, { "name": "USN-1680-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-1680-1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6081", "datePublished": "2013-01-03T01:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T21:21:28.522Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-6549
Vulnerability from cvelistv5
Published
2009-03-30 01:00
Modified
2024-09-17 00:46
Severity ?
EPSS score ?
Summary
The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.
References
| URL | Tags |
|---|---|
| http://moinmo.in/SecurityFixes | x_refsource_CONFIRM |
| http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546 | x_refsource_CONFIRM |
| http://osvdb.org/48876 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:34:47.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/SecurityFixes" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546" }, { "name": "48876", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/48876" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-03-30T01:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/SecurityFixes" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546" }, { "name": "48876", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/48876" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6549", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The password_checker function in 
config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "http://moinmo.in/SecurityFixes" }, { "name": "http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546" }, { "name": "48876", "refsource": "OSVDB", "url": "http://osvdb.org/48876" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6549", "datePublished": "2009-03-30T01:00:00Z", "dateReserved": "2009-03-29T00:00:00Z", "dateUpdated": "2024-09-17T00:46:49.608Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0668
Vulnerability from cvelistv5
Published
2010-02-26 19:00
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:59:38.323Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "moinmoin-superuser-unspecified(56002)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56002" }, { "name": "[oss-security] 20100215 CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2" }, { "name": "38023", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/38023" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/SecurityFixes" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565604" }, { "name": "62043", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/62043" }, { "name": "[oss-security] 20100221 Re: CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=126676896601156\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "name": "38709", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38709" }, { "name": "[oss-security] 20100215 Re: CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=126625972814888\u0026w=2" }, { "name": "DSA-2014", "tags": [ 
"vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2014" }, { "name": "FEDORA-2010-1712", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035438.html" }, { "name": "38444", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38444" }, { "name": "38903", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38903" }, { "name": "FEDORA-2010-1743", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035374.html" }, { "name": "ADV-2010-0600", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0600" }, { "name": "ADV-2010-0266", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0266" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "moinmoin-superuser-unspecified(56002)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56002" }, { "name": "[oss-security] 20100215 CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2" }, { "name": "38023", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/38023" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/SecurityFixes" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565604" }, { "name": "62043", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/62043" }, { "name": "[oss-security] 20100221 Re: CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=126676896601156\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "name": "38709", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38709" }, { "name": "[oss-security] 20100215 Re: CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=126625972814888\u0026w=2" }, { "name": "DSA-2014", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2014" }, { "name": "FEDORA-2010-1712", "tags": [ 
"vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035438.html" }, { "name": "38444", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38444" }, { "name": "38903", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38903" }, { "name": "FEDORA-2010-1743", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035374.html" }, { "name": "ADV-2010-0600", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0600" }, { "name": "ADV-2010-0266", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0266" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0668", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "moinmoin-superuser-unspecified(56002)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56002" }, { "name": "[oss-security] 20100215 CVE Request -- MoinMoin -- 1.8.7", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2" }, { "name": "38023", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38023" }, { "name": "http://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "http://moinmo.in/SecurityFixes" }, { "name": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=565604", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=565604" }, { "name": "62043", "refsource": "OSVDB", "url": "http://www.osvdb.org/62043" }, { "name": "[oss-security] 20100221 Re: CVE Request -- MoinMoin -- 1.8.7", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=126676896601156\u0026w=2" }, { "name": "http://moinmo.in/MoinMoinRelease1.8", "refsource": "CONFIRM", "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "name": "38709", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38709" }, { "name": "[oss-security] 20100215 Re: CVE Request -- MoinMoin -- 1.8.7", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=126625972814888\u0026w=2" }, { "name": "DSA-2014", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2014" }, { "name": "FEDORA-2010-1712", "refsource": "FEDORA", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035438.html" }, { "name": "38444", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38444" }, { "name": "38903", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38903" }, { "name": "FEDORA-2010-1743", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035374.html" }, { "name": "ADV-2010-0600", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0600" }, { "name": "ADV-2010-0266", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0266" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0668", "datePublished": "2010-02-26T19:00:00", "dateReserved": "2010-02-21T00:00:00", "dateUpdated": "2024-08-07T00:59:38.323Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-6603
Vulnerability from cvelistv5
Published
2009-04-03 18:00
Modified
2024-08-07 11:34
Severity ?
EPSS score ?
Summary
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.
References
URL | Tags | |
---|---|---|
http://moinmo.in/SecurityFixes | x_refsource_CONFIRM | |
http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41911 | vdb-entry, x_refsource_XF | |
http://moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/34655 | vdb-entry, x_refsource_BID | |
http://osvdb.org/48875 | vdb-entry, x_refsource_OSVDB | |
http://hg.moinmo.in/moin/1.7/rev/88356b3f849a | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2008/1307 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:34:47.076Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/SecurityFixes" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26" }, { "name": "moinmoin-acl-security-bypass(41911)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41911" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter" }, { "name": "34655", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34655" }, { "name": "48875", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/48875" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.7/rev/88356b3f849a" }, { "name": "ADV-2008-1307", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1307" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-20T00:00:00", "descriptions": [ { "lang": "en", "value": "MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/SecurityFixes" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26" }, { "name": "moinmoin-acl-security-bypass(41911)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41911" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter" }, { "name": "34655", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34655" }, { "name": "48875", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/48875" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.7/rev/88356b3f849a" }, { "name": "ADV-2008-1307", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1307" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6603", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "http://moinmo.in/SecurityFixes" }, { "name": "http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26" }, { "name": "moinmoin-acl-security-bypass(41911)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41911" }, { "name": "http://moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter", "refsource": "CONFIRM", "url": "http://moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter" }, { "name": "34655", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34655" }, { "name": "48875", "refsource": "OSVDB", "url": "http://osvdb.org/48875" }, { "name": "http://hg.moinmo.in/moin/1.7/rev/88356b3f849a", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.7/rev/88356b3f849a" }, { "name": "ADV-2008-1307", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1307" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6603", "datePublished": "2009-04-03T18:00:00", "dateReserved": "2009-04-03T00:00:00", "dateUpdated": "2024-08-07T11:34:47.076Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6495
Vulnerability from cvelistv5
Published
2013-01-03 01:00
Modified
2024-09-16 23:26
Severity ?
EPSS score ?
Summary
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.
References
URL | Tags | |
---|---|---|
http://moinmo.in/MoinMoinRelease1.9 | x_refsource_CONFIRM | |
http://moinmo.in/SecurityFixes | x_refsource_CONFIRM | |
http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f | x_refsource_CONFIRM | |
http://www.debian.org/security/2012/dsa-2593 | vendor-advisory, x_refsource_DEBIAN | |
https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2012/12/29/6 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2012/12/30/4 | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/51696 | third-party-advisory, x_refsource_SECUNIA | |
http://ubuntu.com/usn/usn-1680-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.825Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/SecurityFixes" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f" }, { "name": "DSA-2593", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2593" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" }, { "name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/29/6" }, { "name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/30/4" }, { "name": "51696", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51696" }, { "name": "USN-1680-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-1680-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified 
vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-01-03T01:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/SecurityFixes" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f" }, { "name": "DSA-2593", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2593" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" }, { "name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/29/6" }, { "name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/12/30/4" }, { "name": "51696", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51696" }, { "name": "USN-1680-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-1680-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6495", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple directory 
traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://moinmo.in/MoinMoinRelease1.9", "refsource": "CONFIRM", "url": "http://moinmo.in/MoinMoinRelease1.9" }, { "name": "http://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "http://moinmo.in/SecurityFixes" }, { "name": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f" }, { "name": "DSA-2593", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2593" }, { "name": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599", "refsource": "MISC", "url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599" }, { "name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/12/29/6" }, { "name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/12/30/4" }, { "name": "51696", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51696" }, { "name": "USN-1680-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-1680-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6495", "datePublished": "2013-01-03T01:00:00Z", "dateReserved": "2013-01-02T00:00:00Z", "dateUpdated": "2024-09-16T23:26:18.200Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0669
Vulnerability from cvelistv5
Published
2010-02-26 19:00
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.
References
URL | Tags | |
---|---|---|
http://www.openwall.com/lists/oss-security/2010/02/15/2 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/38023 | vdb-entry, x_refsource_BID | |
http://moinmo.in/SecurityFixes | x_refsource_CONFIRM | |
http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES | x_refsource_CONFIRM | |
http://moinmo.in/MoinMoinRelease1.8 | x_refsource_CONFIRM | |
http://www.debian.org/security/2010/dsa-2014 | vendor-advisory, x_refsource_DEBIAN | |
http://www.openwall.com/lists/oss-security/2010/02/21/2 | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/38444 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/38903 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2010/02/15/4 | mailing-list, x_refsource_MLIST | |
http://www.vupen.com/english/advisories/2010/0600 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:59:38.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20100215 CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2" }, { "name": "38023", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/38023" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/SecurityFixes" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "name": "DSA-2014", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2014" }, { "name": "[oss-security] 20100221 Re: CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/02/21/2" }, { "name": "38444", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38444" }, { "name": "38903", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38903" }, { "name": "[oss-security] 20100215 Re: CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/02/15/4" }, { "name": "ADV-2010-0600", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0600" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] 
} ], "datePublic": "2010-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-03-18T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20100215 CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2" }, { "name": "38023", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/38023" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/SecurityFixes" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "name": "DSA-2014", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2014" }, { "name": "[oss-security] 20100221 Re: CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/02/21/2" }, { "name": "38444", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38444" }, { "name": "38903", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38903" }, { "name": "[oss-security] 20100215 Re: CVE Request -- MoinMoin -- 1.8.7", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/02/15/4" }, { "name": "ADV-2010-0600", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0600" } ], "x_legacyV4Record": { "CVE_data_meta": { 
"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0669", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20100215 CVE Request -- MoinMoin -- 1.8.7", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2" }, { "name": "38023", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38023" }, { "name": "http://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "http://moinmo.in/SecurityFixes" }, { "name": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES" }, { "name": "http://moinmo.in/MoinMoinRelease1.8", "refsource": "CONFIRM", "url": "http://moinmo.in/MoinMoinRelease1.8" }, { "name": "DSA-2014", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2014" }, { "name": "[oss-security] 20100221 Re: CVE Request -- MoinMoin -- 1.8.7", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/02/21/2" }, { "name": "38444", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38444" }, { "name": "38903", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38903" }, { "name": "[oss-security] 20100215 Re: CVE Request -- MoinMoin -- 1.8.7", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/02/15/4" }, { "name": "ADV-2010-0600", "refsource": "VUPEN", "url": 
"http://www.vupen.com/english/advisories/2010/0600" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0669", "datePublished": "2010-02-26T19:00:00", "dateReserved": "2010-02-21T00:00:00", "dateUpdated": "2024-08-07T00:59:38.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1058
Vulnerability from cvelistv5
Published
2011-02-22 17:00
Modified
2024-08-06 22:14
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:14:27.368Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "46476", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46476" }, { "name": "USN-1604-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1604-1" }, { "name": "FEDORA-2011-2156", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055116.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "DSA-2321", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2321" }, { "name": "ADV-2011-0588", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0588" }, { "name": "FEDORA-2011-2157", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055124.html" }, { "name": "43665", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43665" }, { "name": "50885", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50885" }, { "name": "ADV-2011-0455", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0455" }, { "name": "43413", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43413" }, { "name": "FEDORA-2011-2219", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054544.html" }, { "name": "ADV-2011-0571", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0571" }, { "name": "moinmoin-refuri-xss(65545)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65545" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-02-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when \"format rst\" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "46476", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46476" }, { "name": "USN-1604-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1604-1" }, { "name": "FEDORA-2011-2156", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055116.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://moinmo.in/SecurityFixes" }, { "name": "DSA-2321", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2321" }, { "name": "ADV-2011-0588", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0588" }, { "name": "FEDORA-2011-2157", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055124.html" }, { "name": "43665", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43665" }, { "name": "50885", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50885" }, { "name": "ADV-2011-0455", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0455" }, { "name": "43413", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43413" }, { "name": "FEDORA-2011-2219", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054544.html" }, { "name": "ADV-2011-0571", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": 
"http://www.vupen.com/english/advisories/2011/0571" }, { "name": "moinmoin-refuri-xss(65545)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65545" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1058", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when \"format rst\" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "46476", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46476" }, { "name": "USN-1604-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1604-1" }, { "name": "FEDORA-2011-2156", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055116.html" }, { "name": "http://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "http://moinmo.in/SecurityFixes" }, { "name": "DSA-2321", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2321" }, { "name": "ADV-2011-0588", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0588" }, { "name": "FEDORA-2011-2157", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055124.html" }, { "name": "43665", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43665" }, { "name": "50885", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50885" }, { "name": "ADV-2011-0455", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0455" }, { "name": "43413", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43413" }, { "name": "FEDORA-2011-2219", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054544.html" }, { "name": "ADV-2011-0571", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0571" }, { "name": "moinmoin-refuri-xss(65545)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65545" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1058", "datePublished": "2011-02-22T17:00:00", "dateReserved": "2011-02-21T00:00:00", "dateUpdated": "2024-08-06T22:14:27.368Z", "state": "PUBLISHED" 
}, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7148
Vulnerability from cvelistv5
Published
2016-11-10 17:00
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.
References
URL | Tags | |
---|---|---|
http://www.ubuntu.com/usn/USN-3137-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.securityfocus.com/bid/94259 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2016/dsa-3715 | vendor-advisory, x_refsource_DEBIAN | |
https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:50:47.471Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3137-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-3137-1" }, { "name": "94259", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94259" }, { "name": "DSA-3715", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3715" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-11-10T00:00:00", "descriptions": [ { "lang": "en", "value": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=AttachFile (via page name) component." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-01-30T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3137-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-3137-1" }, { "name": "94259", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94259" }, { "name": "DSA-3715", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3715" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7148", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=AttachFile (via page name) component." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3137-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3137-1" }, { "name": "94259", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94259" }, { "name": "DSA-3715", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3715" }, { "name": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html", "refsource": "MISC", "url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7148", "datePublished": "2016-11-10T17:00:00", "dateReserved": "2016-09-05T00:00:00", "dateUpdated": "2024-08-06T01:50:47.471Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }