Search criteria
78 vulnerabilities found for moinmoin by moinmo
FKIE_CVE-2020-15275
Vulnerability from fkie_nvd - Published: 2020-11-11 16:15 - Updated: 2024-11-21 05:05
Severity ?
8.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90280389-72FE-47AD-9A03-4287C050976A",
"versionEndExcluding": "1.9.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user\u0027s browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes."
},
{
"lang": "es",
"value": "MoinMoin es un motor de wiki.\u0026#xa0;En MoinMoin antes de la versi\u00f3n 1.9.11, un atacante con permisos de escritura puede cargar un archivo SVG que contiene javascript malicioso.\u0026#xa0;Este javascript se ejecutar\u00e1 en el navegador de un usuario cuando el usuario est\u00e9 viendo ese archivo SVG en la wiki.\u0026#xa0;Se recomienda encarecidamente a los usuarios que se actualicen a una versi\u00f3n parcheada.\u0026#xa0;MoinMoin Wiki versi\u00f3n 1.9.11 tiene las correcciones necesarias y tambi\u00e9n contiene otras correcciones importantes"
}
],
"id": "CVE-2020-15275",
"lastModified": "2024-11-21T05:05:14.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-11T16:15:13.237",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://advisory.checkmarx.net/advisory/CX-2020-4285"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://advisory.checkmarx.net/advisory/CX-2020-4285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
FKIE_CVE-2020-25074
Vulnerability from fkie_nvd - Published: 2020-11-10 17:15 - Updated: 2024-11-21 05:17
Severity ?
Summary
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://moinmo.in/SecurityFixes | Third Party Advisory | |
| cve@mitre.org | https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq | Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2020/dsa-4787 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://moinmo.in/SecurityFixes | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4787 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moinmo | moinmoin | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F928056-3734-41FC-B6C2-21353CA0C492",
"versionEndIncluding": "1.9.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution."
},
{
"lang": "es",
"value": "La acci\u00f3n de la cach\u00e9 en el archivo action/cache.py en MoinMoin versiones hasta 1.9.10, permite el salto de directorio por medio de una petici\u00f3n HTTP dise\u00f1ada.\u0026#xa0;Un atacante que pueda cargar archivos adjuntos a la wiki puede usar esto para lograr una ejecuci\u00f3n de c\u00f3digo remota"
}
],
"id": "CVE-2020-25074",
"lastModified": "2024-11-21T05:17:12.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-10T17:15:12.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4787"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-5934
Vulnerability from fkie_nvd - Published: 2018-10-15 19:29 - Updated: 2024-11-21 03:28
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moinmo | moinmoin | * | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 42.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85D1682C-984C-4532-9DA9-B36E5FBFBD73",
"versionEndExcluding": "1.9.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad Cross-Site Scripting (XSS) en el di\u00e1logo de enlaces en el editor de la interfaz gr\u00e1fica de MoinMoin en versiones anteriores a la 1.9.10 permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados."
}
],
"id": "CVE-2017-5934",
"lastModified": "2024-11-21T03:28:42.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-15T19:29:00.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3794-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3794-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4318"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-9119
Vulnerability from fkie_nvd - Published: 2017-01-30 22:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.debian.org/security/2016/dsa-3715 | Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94501 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.ubuntu.com/usn/USN-3137-1 | Third Party Advisory | |
| cve@mitre.org | https://moinmo.in/SecurityFixes | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3715 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94501 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-3137-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://moinmo.in/SecurityFixes | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moinmo | moinmoin | * | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 16.10 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "086EEE1C-2D4E-4C4E-B1E9-362CF133C034",
"versionEndIncluding": "1.9.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFB20FA-CB00-4729-AB3A-816454C6D096",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el link de di\u00e1logo en el editor de GUI en MoinMoin en versiones anteriores a 1.9.8 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios mediante vectores no especificados."
}
],
"id": "CVE-2016-9119",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-30T22:59:00.780",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3715"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94501"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://moinmo.in/SecurityFixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://moinmo.in/SecurityFixes"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-7148
Vulnerability from fkie_nvd - Published: 2016-11-10 17:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "47A846CB-52C4-4F84-A85A-4FF92E4F69C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=AttachFile (via page name) component."
},
{
"lang": "es",
"value": "MoinMoin 1.9.8 permite a atacantes remotos llevar a cabo ataques \"JavaScript injection\" utilizando el enfoque \"page creation\", relacionado con un problema \"Cross Site Scripting (XSS)\" que afecta al componente action=AttachFile (a trav\u00e9s del nombre de p\u00e1gina)."
}
],
"id": "CVE-2016-7148",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-10T17:59:01.267",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3715"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/94259"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-7146
Vulnerability from fkie_nvd - Published: 2016-11-10 17:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "47A846CB-52C4-4F84-A85A-4FF92E4F69C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation or crafted URL\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=fckdialog\u0026dialog=attachment (via page name) component."
},
{
"lang": "es",
"value": "MoinMoin 1.9.8 permite a atacantes remotos llevar a cabo ataques \"JavaScript injection\" utilizando el enfoque \"page creation\", relacionado con un problema \"Cross Site Scripting (XSS)\" que afecta al componente action=fckdialog\u0026dialog=attachment (a trav\u00e9s del nombre de p\u00e1gina)."
}
],
"id": "CVE-2016-7146",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-11-10T17:59:00.177",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3715"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/94259"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/94259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-6495
Vulnerability from fkie_nvd - Published: 2013-01-03 01:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEA7AEF9-AD64-401A-BF0D-7549E6CEF030",
"versionEndIncluding": "1.9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3BA7ACF-4304-4E0A-BBEC-233684B17BED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3DB6BE-F00B-42A4-A121-60A3D7A65E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C06C7F65-58B4-4B78-8B01-2896A87B2AAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DD692C09-2787-4CBD-80F8-7872B76E72C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1C00A124-C693-41EB-A0A9-87FA2C7D0B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0513D2-EF88-4C7E-9877-603F99FD7D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E480D12C-BC4E-475D-8C5D-53E7DE900596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6B18E3CC-DEA6-42B0-8D08-8F41031B0042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3A353553-4720-4457-8FBA-9F2808507492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B0ECE1A5-0714-467D-A0DD-19C94359D21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1619929D-C06A-460B-9BD6-815B0FB2E319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C75D53-AAA5-4BC4-A464-D525A7507120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BF1B63-7FBC-47CD-BE8E-509331B60B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "010A1332-BD8C-49D9-A742-632571EB3E1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1A6994-D9C8-4D80-82DC-CCC84891055F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "136BA0A5-98FE-48A8-BD5F-E163ECF351D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98C74029-698A-4413-9BE6-43AE04E232C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "38629A9E-B8B3-4513-A271-D0F9C9B01940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8EC6287C-7EF7-41C7-BA54-CE667DF402A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F800E619-F48D-47E7-A776-878099C198B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42BEB861-A3C9-4D92-B042-7CC17E6F0FC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "742D85DB-0E6B-45E2-99A1-7140CDBCEED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D915ED2B-97BF-427E-9F1F-F5A55DB59527",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "830C376B-8F3A-4695-B0E1-56DFC8E36050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DE674DBF-3B8B-4F0C-9D3F-2331A533FA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "759E9B75-1B72-4324-940E-C69E6C59E392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "853D71B8-E563-4730-9DD5-EFF8CF87B413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "05461641-A9C4-4006-8442-98520DA23EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DF724DF0-8C5F-4F77-88C8-1FB521FD5A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "A58BEC46-0FEB-4EE0-B380-0D39FCFE1E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ABF88D5-561A-4CCB-B323-A736953914CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "2DA1B94A-2EDC-43F8-83F1-E10A7890B3C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "6CC202ED-E219-42CE-BC46-F424C714F316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "92056276-DBDC-432A-905F-D3C8AD231F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7779A40E-B882-439D-9176-DAF1AD369EDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4B4F98-2002-448B-A6A8-D9BA8737B723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8376370-2978-4E95-AB19-07197330AD6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "929867E4-9A4F-4B99-BF61-8BB1DB28962A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B51BFA62-E867-4919-9B14-2C480009FC62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0510B94-903C-4B51-97A6-D13D999D87C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "30A445D9-11DD-4DF7-AABD-539F432EC803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:a:*:*:*:*:*:*",
"matchCriteriaId": "D346F561-44A5-412C-8551-7A7F4E537721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "69A4F9E1-BFE4-4326-8C86-F2E8BE58F45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "70805F86-C038-4310-BBCE-53E3C0739A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7D9DF1DB-047A-4FF3-90E4-3C5B12934AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "08737344-5992-4BB7-9F0D-CCD5E0F19B63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4B2291F8-480B-40D5-AE14-FDC78435CD37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CD4382-1412-4D82-9094-57E90B8C9C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "8DDC6900-5361-4BAE-9164-D0EAA5170B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "131BDB4E-3C1A-4FA4-84E0-37508559513E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E7BA7A7B-1DDB-427E-A9F1-89EAB2A76956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "61B4FA65-C2FE-47BF-80D4-5ED09BC961B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23A64B6E-48D4-4743-97E3-C1EC6C1A2EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "76F8DDF8-D923-40FE-9D47-F676A04BD908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E5BE42E1-8CDC-47B8-AC07-E9415542AD5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "52857288-A7F7-40EA-9A72-01A6B6551FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2863EC4-FAD5-4456-983F-F3676E887CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3A53F3F1-19B4-4A79-BE8B-544890E19C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "00911CD0-5F85-421A-8430-40AC85F63019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B1677575-A194-4F04-9ABA-F64EDAAB446F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0CABF9F6-83B1-4193-AA89-A8DE14435215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "AACD410A-08AC-4241-A764-B528A0C9BC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20921AD9-B2A9-417F-B83D-6013CD9F662E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB78616E-55AB-4C8A-874B-7DCF6E755E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B42EBD4-6773-4DD3-B93C-703076D2BAD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2584941F-5FE8-4636-B878-50CC5D4CC258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D06004B5-966B-48F5-87B4-7005DBC86D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2C741A-220A-454C-8D21-6459DB2D67E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB916ACA-0E61-4C6B-84BE-8BD27AE766AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DCDE917F-0AFB-431C-A0B2-CCC86946E7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF7C0C0F-A970-4CB9-BC6D-131253CB8749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "37002B23-E8E4-43AB-A6D7-BC747BE1A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1A43AEE5-6540-4264-A956-391D8CC1212D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA73028-4193-49E9-B017-F1F27075FDDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6FF2CB-A7F2-4E74-8B95-0C7BA3DE47AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7C3A9E-1655-436F-94FF-390D44926A28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D8434905-3540-4ADE-8223-251FFABD31D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD68516B-3E72-41F4-8BD1-60A98FC1C9E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de salto de directorio en (1) twikidraw (acction/twikidraw.py) y (2) anywikidraw (acction/anywikidraw.py), acciones en MoinMoin antes de v1.9.6 a usuarios remotos autenticados con permisos de escritura sobrescribir archivos arbitrarios a trav\u00e9s de vectores no especificados. NOTA: esto puede ser aprovechado con CVE-2012-6081 para ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2012-6495",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-03T01:55:04.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://moinmo.in/MoinMoinRelease1.9"
},
{
"source": "cve@mitre.org",
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51696"
},
{
"source": "cve@mitre.org",
"url": "http://ubuntu.com/usn/usn-1680-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/6"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/4"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://moinmo.in/MoinMoinRelease1.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1680-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-6080
Vulnerability from fkie_nvd - Published: 2013-01-03 01:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D8434905-3540-4ADE-8223-251FFABD31D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD68516B-3E72-41F4-8BD1-60A98FC1C9E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87AF5953-B882-406D-B637-3788E7C70666",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en la funci\u00f3n _do_attachment_move en una acci\u00f3n AttachFile (action/AttachFile.py) en MoinMoin v1.9.3 hasta v1.9.5 permite a atacantes remotos sobreescribir archivos arbitrarios a trav\u00e9s de .. (punto punto) en un nombre de archivo."
}
],
"id": "CVE-2012-6080",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-03T01:55:04.437",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51663"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51676"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51696"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1680-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/57076"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1680-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-6082
Vulnerability from fkie_nvd - Published: 2013-01-03 01:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87AF5953-B882-406D-B637-3788E7C70666",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n rsslink en theme/__init__.py en MoinMoin 1.9.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del nombre de la p\u00e1gina en un enlace RSS."
}
],
"id": "CVE-2012-6082",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-01-03T01:55:04.530",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/c98ec456e493"
},
{
"source": "secalert@redhat.com",
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51663"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/7"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/57089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/c98ec456e493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57089"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-6081
Vulnerability from fkie_nvd - Published: 2013-01-03 01:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEA7AEF9-AD64-401A-BF0D-7549E6CEF030",
"versionEndIncluding": "1.9.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3BA7ACF-4304-4E0A-BBEC-233684B17BED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3DB6BE-F00B-42A4-A121-60A3D7A65E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C06C7F65-58B4-4B78-8B01-2896A87B2AAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DD692C09-2787-4CBD-80F8-7872B76E72C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1C00A124-C693-41EB-A0A9-87FA2C7D0B01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0513D2-EF88-4C7E-9877-603F99FD7D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E480D12C-BC4E-475D-8C5D-53E7DE900596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6B18E3CC-DEA6-42B0-8D08-8F41031B0042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3A353553-4720-4457-8FBA-9F2808507492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B0ECE1A5-0714-467D-A0DD-19C94359D21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1619929D-C06A-460B-9BD6-815B0FB2E319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5C75D53-AAA5-4BC4-A464-D525A7507120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BF1B63-7FBC-47CD-BE8E-509331B60B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "010A1332-BD8C-49D9-A742-632571EB3E1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1A6994-D9C8-4D80-82DC-CCC84891055F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "136BA0A5-98FE-48A8-BD5F-E163ECF351D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98C74029-698A-4413-9BE6-43AE04E232C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "38629A9E-B8B3-4513-A271-D0F9C9B01940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8EC6287C-7EF7-41C7-BA54-CE667DF402A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F800E619-F48D-47E7-A776-878099C198B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42BEB861-A3C9-4D92-B042-7CC17E6F0FC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "742D85DB-0E6B-45E2-99A1-7140CDBCEED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D915ED2B-97BF-427E-9F1F-F5A55DB59527",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "830C376B-8F3A-4695-B0E1-56DFC8E36050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.3.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DE674DBF-3B8B-4F0C-9D3F-2331A533FA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "759E9B75-1B72-4324-940E-C69E6C59E392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "853D71B8-E563-4730-9DD5-EFF8CF87B413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "05461641-A9C4-4006-8442-98520DA23EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "DF724DF0-8C5F-4F77-88C8-1FB521FD5A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "A58BEC46-0FEB-4EE0-B380-0D39FCFE1E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "7ABF88D5-561A-4CCB-B323-A736953914CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "2DA1B94A-2EDC-43F8-83F1-E10A7890B3C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "6CC202ED-E219-42CE-BC46-F424C714F316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "92056276-DBDC-432A-905F-D3C8AD231F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7779A40E-B882-439D-9176-DAF1AD369EDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4B4F98-2002-448B-A6A8-D9BA8737B723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8376370-2978-4E95-AB19-07197330AD6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "929867E4-9A4F-4B99-BF61-8BB1DB28962A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B51BFA62-E867-4919-9B14-2C480009FC62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E0510B94-903C-4B51-97A6-D13D999D87C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "30A445D9-11DD-4DF7-AABD-539F432EC803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:a:*:*:*:*:*:*",
"matchCriteriaId": "D346F561-44A5-412C-8551-7A7F4E537721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "69A4F9E1-BFE4-4326-8C86-F2E8BE58F45F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "70805F86-C038-4310-BBCE-53E3C0739A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7D9DF1DB-047A-4FF3-90E4-3C5B12934AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "08737344-5992-4BB7-9F0D-CCD5E0F19B63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4B2291F8-480B-40D5-AE14-FDC78435CD37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6CD4382-1412-4D82-9094-57E90B8C9C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "8DDC6900-5361-4BAE-9164-D0EAA5170B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "131BDB4E-3C1A-4FA4-84E0-37508559513E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E7BA7A7B-1DDB-427E-A9F1-89EAB2A76956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "61B4FA65-C2FE-47BF-80D4-5ED09BC961B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23A64B6E-48D4-4743-97E3-C1EC6C1A2EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "76F8DDF8-D923-40FE-9D47-F676A04BD908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E5BE42E1-8CDC-47B8-AC07-E9415542AD5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "52857288-A7F7-40EA-9A72-01A6B6551FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2863EC4-FAD5-4456-983F-F3676E887CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3A53F3F1-19B4-4A79-BE8B-544890E19C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "00911CD0-5F85-421A-8430-40AC85F63019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B1677575-A194-4F04-9ABA-F64EDAAB446F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0CABF9F6-83B1-4193-AA89-A8DE14435215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "AACD410A-08AC-4241-A764-B528A0C9BC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20921AD9-B2A9-417F-B83D-6013CD9F662E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB78616E-55AB-4C8A-874B-7DCF6E755E52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B42EBD4-6773-4DD3-B93C-703076D2BAD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2584941F-5FE8-4636-B878-50CC5D4CC258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D06004B5-966B-48F5-87B4-7005DBC86D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2C741A-220A-454C-8D21-6459DB2D67E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB916ACA-0E61-4C6B-84BE-8BD27AE766AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DCDE917F-0AFB-431C-A0B2-CCC86946E7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF7C0C0F-A970-4CB9-BC6D-131253CB8749",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "37002B23-E8E4-43AB-A6D7-BC747BE1A8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1A43AEE5-6540-4264-A956-391D8CC1212D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA73028-4193-49E9-B017-F1F27075FDDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6FF2CB-A7F2-4E74-8B95-0C7BA3DE47AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7C3A9E-1655-436F-94FF-390D44926A28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D8434905-3540-4ADE-8223-251FFABD31D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AD68516B-3E72-41F4-8BD1-60A98FC1C9E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012."
},
{
"lang": "es",
"value": "M\u00faltiples subidas de fichero sin restricci\u00f3n en las acciones 1) twikidraw (action/twikidraw.py) y (2) anywikidraw (action/anywikidraw.py) en MoinMoin antes de v1.9.6 permitie a usuarios remotos autenticados con permisos de escritura para ejecutar c\u00f3digo arbitrario mediante la carga de un archivo con una extensi\u00f3n ejecutable, y acceder a el a trav\u00e9s de una solicitud dirigida directamente al archivo en un directorio especificado, como se explot\u00f3 en en julio de 2012."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/434.html \u0027CWE-434: Unrestricted Upload of File with Dangerous Type\u0027\r\n\r\n",
"id": "CVE-2012-6081",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-03T01:55:04.483",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"
},
{
"source": "secalert@redhat.com",
"url": "http://moinmo.in/MoinMoinRelease1.9"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51663"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51676"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51696"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1680-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"source": "secalert@redhat.com",
"url": "http://www.exploit-db.com/exploits/25304"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/57082"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://moinmo.in/MoinMoinRelease1.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1680-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/25304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-15275 (GCVE-0-2020-15275)
Vulnerability from cvelistv5 – Published: 2020-11-11 15:45 – Updated: 2024-08-04 13:15
VLAI?
Summary
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.
Severity ?
8.7 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:19.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.checkmarx.net/advisory/CX-2020-4285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "moin-1.9",
"vendor": "moinwiki",
"versions": [
{
"status": "affected",
"version": "\u003c 1.9.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user\u0027s browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-30T21:15:23",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.checkmarx.net/advisory/CX-2020-4285"
}
],
"source": {
"advisory": "GHSA-4q96-6xhq-ff43",
"discovery": "UNKNOWN"
},
"title": "malicious SVG attachment causing stored XSS vulnerability in MoinMoin",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15275",
"STATE": "PUBLIC",
"TITLE": "malicious SVG attachment causing stored XSS vulnerability in MoinMoin"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "moin-1.9",
"version": {
"version_data": [
{
"version_value": "\u003c 1.9.11"
}
]
}
}
]
},
"vendor_name": "moinwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user\u0027s browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43",
"refsource": "CONFIRM",
"url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43"
},
{
"name": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11",
"refsource": "MISC",
"url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11"
},
{
"name": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2",
"refsource": "MISC",
"url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2"
},
{
"name": "https://advisory.checkmarx.net/advisory/CX-2020-4285",
"refsource": "MISC",
"url": "https://advisory.checkmarx.net/advisory/CX-2020-4285"
}
]
},
"source": {
"advisory": "GHSA-4q96-6xhq-ff43",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15275",
"datePublished": "2020-11-11T15:45:15",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:15:19.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25074 (GCVE-0-2020-25074)
Vulnerability from cvelistv5 – Published: 2020-11-10 16:48 – Updated: 2024-08-04 15:26
VLAI?
Summary
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "DSA-4787",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4787"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq"
},
{
"name": "[debian-lts-announce] 20201110 [SECURITY] [DLA 2446-1] moin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-11T00:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "DSA-4787",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4787"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq"
},
{
"name": "[debian-lts-announce] 20201110 [SECURITY] [DLA 2446-1] moin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "MISC",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "DSA-4787",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4787"
},
{
"name": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq",
"refsource": "MISC",
"url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq"
},
{
"name": "[debian-lts-announce] 20201110 [SECURITY] [DLA 2446-1] moin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25074",
"datePublished": "2020-11-10T16:48:21",
"dateReserved": "2020-09-02T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5934 (GCVE-0-2017-5934)
Vulnerability from cvelistv5 – Published: 2018-10-15 19:00 – Updated: 2024-08-05 15:18
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:48.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024"
},
{
"name": "DSA-4318",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4318"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "[debian-lts-announce] 20181015 [SECURITY] [DLA 1546-1] moin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html"
},
{
"name": "USN-3794-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3794-1/"
},
{
"name": "openSUSE-SU-2018:3105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024"
},
{
"name": "DSA-4318",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4318"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "[debian-lts-announce] 20181015 [SECURITY] [DLA 1546-1] moin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html"
},
{
"name": "USN-3794-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3794-1/"
},
{
"name": "openSUSE-SU-2018:3105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024",
"refsource": "CONFIRM",
"url": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024"
},
{
"name": "DSA-4318",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4318"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "[debian-lts-announce] 20181015 [SECURITY] [DLA 1546-1] moin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html"
},
{
"name": "USN-3794-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3794-1/"
},
{
"name": "openSUSE-SU-2018:3105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5934",
"datePublished": "2018-10-15T19:00:00",
"dateReserved": "2017-02-08T00:00:00",
"dateUpdated": "2024-08-05T15:18:48.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9119 (GCVE-0-2016-9119)
Vulnerability from cvelistv5 – Published: 2017-01-30 22:00 – Updated: 2024-08-06 02:42
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://moinmo.in/SecurityFixes"
},
{
"name": "94501",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94501"
},
{
"name": "USN-3137-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name": "DSA-3715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-31T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://moinmo.in/SecurityFixes"
},
{
"name": "94501",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94501"
},
{
"name": "USN-3137-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name": "DSA-3715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "https://moinmo.in/SecurityFixes"
},
{
"name": "94501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94501"
},
{
"name": "USN-3137-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name": "DSA-3715",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9119",
"datePublished": "2017-01-30T22:00:00",
"dateReserved": "2016-10-30T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7146 (GCVE-0-2016-7146)
Vulnerability from cvelistv5 – Published: 2016-11-10 17:00 – Updated: 2024-08-06 01:50
VLAI?
Summary
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3137-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name": "94259",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94259"
},
{
"name": "DSA-3715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3715"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation or crafted URL\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=fckdialog\u0026dialog=attachment (via page name) component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-30T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3137-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name": "94259",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94259"
},
{
"name": "DSA-3715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3715"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation or crafted URL\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=fckdialog\u0026dialog=attachment (via page name) component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3137-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name": "94259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94259"
},
{
"name": "DSA-3715",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3715"
},
{
"name": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html",
"refsource": "MISC",
"url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7146",
"datePublished": "2016-11-10T17:00:00",
"dateReserved": "2016-09-05T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7148 (GCVE-0-2016-7148)
Vulnerability from cvelistv5 – Published: 2016-11-10 17:00 – Updated: 2024-08-06 01:50
VLAI?
Summary
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3137-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name": "94259",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94259"
},
{
"name": "DSA-3715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3715"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=AttachFile (via page name) component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-30T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3137-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name": "94259",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94259"
},
{
"name": "DSA-3715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3715"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=AttachFile (via page name) component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3137-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name": "94259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94259"
},
{
"name": "DSA-3715",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3715"
},
{
"name": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html",
"refsource": "MISC",
"url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7148",
"datePublished": "2016-11-10T17:00:00",
"dateReserved": "2016-09-05T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6081 (GCVE-0-2012-6081)
Vulnerability from cvelistv5 – Published: 2013-01-03 01:00 – Updated: 2024-08-06 21:21
VLAI?
Summary
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/MoinMoinRelease1.9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "51663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51663"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"
},
{
"name": "DSA-2593",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name": "57082",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57082"
},
{
"name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/6"
},
{
"name": "51676",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51676"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/4"
},
{
"name": "51696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51696"
},
{
"name": "25304",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/25304"
},
{
"name": "USN-1680-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1680-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-10T15:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/MoinMoinRelease1.9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "51663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51663"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"
},
{
"name": "DSA-2593",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name": "57082",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57082"
},
{
"name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/6"
},
{
"name": "51676",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51676"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/4"
},
{
"name": "51696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51696"
},
{
"name": "25304",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/25304"
},
{
"name": "USN-1680-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1680-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6081",
"datePublished": "2013-01-03T01:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6080 (GCVE-0-2012-6080)
Vulnerability from cvelistv5 – Published: 2013-01-03 01:00 – Updated: 2024-08-06 21:21
VLAI?
Summary
Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57076",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57076"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "51663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51663"
},
{
"name": "DSA-2593",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name": "51676",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51676"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52"
},
{
"name": "51696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51696"
},
{
"name": "USN-1680-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1680-1"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (path traversal vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-03T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "57076",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57076"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "51663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51663"
},
{
"name": "DSA-2593",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name": "51676",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51676"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52"
},
{
"name": "51696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51696"
},
{
"name": "USN-1680-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1680-1"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (path traversal vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6080",
"datePublished": "2013-01-03T01:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-08-06T21:21:28.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6495 (GCVE-0-2012-6495)
Vulnerability from cvelistv5 – Published: 2013-01-03 01:00 – Updated: 2024-09-16 23:26
VLAI?
Summary
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/MoinMoinRelease1.9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"
},
{
"name": "DSA-2593",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/6"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/4"
},
{
"name": "51696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51696"
},
{
"name": "USN-1680-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1680-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-03T01:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/MoinMoinRelease1.9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"
},
{
"name": "DSA-2593",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/6"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/4"
},
{
"name": "51696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51696"
},
{
"name": "USN-1680-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1680-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://moinmo.in/MoinMoinRelease1.9",
"refsource": "CONFIRM",
"url": "http://moinmo.in/MoinMoinRelease1.9"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"
},
{
"name": "DSA-2593",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/6"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/4"
},
{
"name": "51696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51696"
},
{
"name": "USN-1680-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1680-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6495",
"datePublished": "2013-01-03T01:00:00Z",
"dateReserved": "2013-01-02T00:00:00Z",
"dateUpdated": "2024-09-16T23:26:18.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6082 (GCVE-0-2012-6082)
Vulnerability from cvelistv5 – Published: 2013-01-03 01:00 – Updated: 2024-08-06 21:21
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "51663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51663"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (XSS in rss link)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/c98ec456e493"
},
{
"name": "57089",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57089"
},
{
"name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (XSS in rss link)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-03T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "51663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51663"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (XSS in rss link)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/c98ec456e493"
},
{
"name": "57089",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57089"
},
{
"name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (XSS in rss link)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6082",
"datePublished": "2013-01-03T01:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-08-06T21:21:28.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15275 (GCVE-0-2020-15275)
Vulnerability from nvd – Published: 2020-11-11 15:45 – Updated: 2024-08-04 13:15
VLAI?
Summary
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.
Severity ?
8.7 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:19.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://advisory.checkmarx.net/advisory/CX-2020-4285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "moin-1.9",
"vendor": "moinwiki",
"versions": [
{
"status": "affected",
"version": "\u003c 1.9.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user\u0027s browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-30T21:15:23",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://advisory.checkmarx.net/advisory/CX-2020-4285"
}
],
"source": {
"advisory": "GHSA-4q96-6xhq-ff43",
"discovery": "UNKNOWN"
},
"title": "malicious SVG attachment causing stored XSS vulnerability in MoinMoin",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15275",
"STATE": "PUBLIC",
"TITLE": "malicious SVG attachment causing stored XSS vulnerability in MoinMoin"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "moin-1.9",
"version": {
"version_data": [
{
"version_value": "\u003c 1.9.11"
}
]
}
}
]
},
"vendor_name": "moinwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user\u0027s browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43",
"refsource": "CONFIRM",
"url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43"
},
{
"name": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11",
"refsource": "MISC",
"url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11"
},
{
"name": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2",
"refsource": "MISC",
"url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2"
},
{
"name": "https://advisory.checkmarx.net/advisory/CX-2020-4285",
"refsource": "MISC",
"url": "https://advisory.checkmarx.net/advisory/CX-2020-4285"
}
]
},
"source": {
"advisory": "GHSA-4q96-6xhq-ff43",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15275",
"datePublished": "2020-11-11T15:45:15",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:15:19.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25074 (GCVE-0-2020-25074)
Vulnerability from nvd – Published: 2020-11-10 16:48 – Updated: 2024-08-04 15:26
VLAI?
Summary
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "DSA-4787",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4787"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq"
},
{
"name": "[debian-lts-announce] 20201110 [SECURITY] [DLA 2446-1] moin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-11T00:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "DSA-4787",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4787"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq"
},
{
"name": "[debian-lts-announce] 20201110 [SECURITY] [DLA 2446-1] moin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "MISC",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "DSA-4787",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4787"
},
{
"name": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq",
"refsource": "MISC",
"url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq"
},
{
"name": "[debian-lts-announce] 20201110 [SECURITY] [DLA 2446-1] moin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25074",
"datePublished": "2020-11-10T16:48:21",
"dateReserved": "2020-09-02T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5934 (GCVE-0-2017-5934)
Vulnerability from nvd – Published: 2018-10-15 19:00 – Updated: 2024-08-05 15:18
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:48.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024"
},
{
"name": "DSA-4318",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4318"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "[debian-lts-announce] 20181015 [SECURITY] [DLA 1546-1] moin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html"
},
{
"name": "USN-3794-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3794-1/"
},
{
"name": "openSUSE-SU-2018:3105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024"
},
{
"name": "DSA-4318",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4318"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "[debian-lts-announce] 20181015 [SECURITY] [DLA 1546-1] moin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html"
},
{
"name": "USN-3794-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3794-1/"
},
{
"name": "openSUSE-SU-2018:3105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024",
"refsource": "CONFIRM",
"url": "https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024"
},
{
"name": "DSA-4318",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4318"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "[debian-lts-announce] 20181015 [SECURITY] [DLA 1546-1] moin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html"
},
{
"name": "USN-3794-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3794-1/"
},
{
"name": "openSUSE-SU-2018:3105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5934",
"datePublished": "2018-10-15T19:00:00",
"dateReserved": "2017-02-08T00:00:00",
"dateUpdated": "2024-08-05T15:18:48.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9119 (GCVE-0-2016-9119)
Vulnerability from nvd – Published: 2017-01-30 22:00 – Updated: 2024-08-06 02:42
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://moinmo.in/SecurityFixes"
},
{
"name": "94501",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94501"
},
{
"name": "USN-3137-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name": "DSA-3715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-31T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://moinmo.in/SecurityFixes"
},
{
"name": "94501",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94501"
},
{
"name": "USN-3137-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name": "DSA-3715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "https://moinmo.in/SecurityFixes"
},
{
"name": "94501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94501"
},
{
"name": "USN-3137-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name": "DSA-3715",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9119",
"datePublished": "2017-01-30T22:00:00",
"dateReserved": "2016-10-30T00:00:00",
"dateUpdated": "2024-08-06T02:42:10.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7146 (GCVE-0-2016-7146)
Vulnerability from nvd – Published: 2016-11-10 17:00 – Updated: 2024-08-06 01:50
VLAI?
Summary
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3137-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name": "94259",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94259"
},
{
"name": "DSA-3715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3715"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation or crafted URL\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=fckdialog\u0026dialog=attachment (via page name) component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-30T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3137-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name": "94259",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94259"
},
{
"name": "DSA-3715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3715"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation or crafted URL\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=fckdialog\u0026dialog=attachment (via page name) component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3137-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name": "94259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94259"
},
{
"name": "DSA-3715",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3715"
},
{
"name": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html",
"refsource": "MISC",
"url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7146",
"datePublished": "2016-11-10T17:00:00",
"dateReserved": "2016-09-05T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7148 (GCVE-0-2016-7148)
Vulnerability from nvd – Published: 2016-11-10 17:00 – Updated: 2024-08-06 01:50
VLAI?
Summary
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3137-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name": "94259",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94259"
},
{
"name": "DSA-3715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3715"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=AttachFile (via page name) component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-30T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3137-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name": "94259",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94259"
},
{
"name": "DSA-3715",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3715"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=AttachFile (via page name) component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3137-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3137-1"
},
{
"name": "94259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94259"
},
{
"name": "DSA-3715",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3715"
},
{
"name": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html",
"refsource": "MISC",
"url": "https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7148",
"datePublished": "2016-11-10T17:00:00",
"dateReserved": "2016-09-05T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6081 (GCVE-0-2012-6081)
Vulnerability from nvd – Published: 2013-01-03 01:00 – Updated: 2024-08-06 21:21
VLAI?
Summary
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/MoinMoinRelease1.9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "51663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51663"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"
},
{
"name": "DSA-2593",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name": "57082",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57082"
},
{
"name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/6"
},
{
"name": "51676",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51676"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/4"
},
{
"name": "51696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51696"
},
{
"name": "25304",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/25304"
},
{
"name": "USN-1680-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1680-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-10T15:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/MoinMoinRelease1.9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "51663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51663"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"
},
{
"name": "DSA-2593",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name": "57082",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57082"
},
{
"name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/6"
},
{
"name": "51676",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51676"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/4"
},
{
"name": "51696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51696"
},
{
"name": "25304",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/25304"
},
{
"name": "USN-1680-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1680-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6081",
"datePublished": "2013-01-03T01:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6080 (GCVE-0-2012-6080)
Vulnerability from nvd – Published: 2013-01-03 01:00 – Updated: 2024-08-06 21:21
VLAI?
Summary
Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "57076",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57076"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "51663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51663"
},
{
"name": "DSA-2593",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name": "51676",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51676"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52"
},
{
"name": "51696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51696"
},
{
"name": "USN-1680-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1680-1"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (path traversal vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-03T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "57076",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57076"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "51663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51663"
},
{
"name": "DSA-2593",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name": "51676",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51676"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52"
},
{
"name": "51696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51696"
},
{
"name": "USN-1680-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1680-1"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (path traversal vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6080",
"datePublished": "2013-01-03T01:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-08-06T21:21:28.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6495 (GCVE-0-2012-6495)
Vulnerability from nvd – Published: 2013-01-03 01:00 – Updated: 2024-09-16 23:26
VLAI?
Summary
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/MoinMoinRelease1.9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"
},
{
"name": "DSA-2593",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/6"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/4"
},
{
"name": "51696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51696"
},
{
"name": "USN-1680-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1680-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-03T01:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/MoinMoinRelease1.9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"
},
{
"name": "DSA-2593",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/6"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/4"
},
{
"name": "51696",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51696"
},
{
"name": "USN-1680-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1680-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://moinmo.in/MoinMoinRelease1.9",
"refsource": "CONFIRM",
"url": "http://moinmo.in/MoinMoinRelease1.9"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"
},
{
"name": "DSA-2593",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/6"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/4"
},
{
"name": "51696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51696"
},
{
"name": "USN-1680-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1680-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6495",
"datePublished": "2013-01-03T01:00:00Z",
"dateReserved": "2013-01-02T00:00:00Z",
"dateUpdated": "2024-09-16T23:26:18.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6082 (GCVE-0-2012-6082)
Vulnerability from nvd – Published: 2013-01-03 01:00 – Updated: 2024-08-06 21:21
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "51663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51663"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (XSS in rss link)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/c98ec456e493"
},
{
"name": "57089",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57089"
},
{
"name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (XSS in rss link)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-01-03T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "51663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51663"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (XSS in rss link)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.moinmo.in/moin/1.9/rev/c98ec456e493"
},
{
"name": "57089",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57089"
},
{
"name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (XSS in rss link)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6082",
"datePublished": "2013-01-03T01:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-08-06T21:21:28.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}