Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 42 results


CVE-2020-25074

High priority
Fixed

The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.

1 affected packages

moin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
moin Not in release Fixed Fixed
Show less packages

CVE-2020-15275

Medium priority
Fixed

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is...

1 affected packages

moin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
moin Not in release Fixed Fixed
Show less packages

CVE-2017-5934

Medium priority
Fixed

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

1 affected packages

moin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
moin Fixed Fixed
Show less packages

CVE-2016-9119

Medium priority
Fixed

Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

1 affected packages

moin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
moin Fixed
Show less packages

CVE-2016-7148

Medium priority
Fixed

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.

1 affected packages

moin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
moin Fixed
Show less packages

CVE-2016-7146

Medium priority
Fixed

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting...

1 affected packages

moin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
moin Fixed
Show less packages

CVE-2012-6495

High priority

Some fixes available 4 of 5

Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to...

1 affected packages

moin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
moin
Show less packages

CVE-2012-6082

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.

1 affected packages

moin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
moin
Show less packages

CVE-2012-6081

High priority

Some fixes available 4 of 5

Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to...

1 affected packages

moin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
moin
Show less packages

CVE-2012-6080

Medium priority

Some fixes available 4 of 5

Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.

1 affected packages

moin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
moin
Show less packages