CVE Tools

moinmoin

Web & CMS Pluginsoss-project

17

Cumulative CVEs

9

Monthly snapshots

#36

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting moinmoin.

CVE-2009-1482Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-act...4.3Apr 29, 2009
CVE-2009-0312Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallo...4.3Jan 28, 2009
CVE-2009-0260Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the Wi...4.3Jan 23, 2009
CVE-2008-3381Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified v...4.3Jul 30, 2008
CVE-2008-1937The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges.6.8Apr 24, 2008
CVE-2008-1099_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages.5.0Mar 5, 2008
CVE-2008-1098Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_ged...4.3Mar 5, 2008
CVE-2008-0782Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NO...5.0Feb 14, 2008
CVE-2008-0781Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename...4.3Feb 14, 2008
CVE-2008-0780Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.4.3Feb 14, 2008
CVE-2007-2637MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors.5.0May 13, 2007
CVE-2007-2423Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vuln...5.8May 2, 2007
CVE-2007-0902Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown...5.0Feb 13, 2007
CVE-2007-0901Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, d...4.3Feb 13, 2007
CVE-2007-0857Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFil...4.3Feb 8, 2007