Moinmo: >> Moinmoin >> 1.9.0 Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.
CVSS Score
4.3
EPSS Score
0.013
Published
2010-08-05
MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.008
Published
2010-02-26
Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.
CVSS Score
6.8
EPSS Score
0.015
Published
2010-02-26
MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.
CVSS Score
7.5
EPSS Score
0.01
Published
2010-02-26
Page 2