| CVE-2010-0717 |
high |
— |
7.5 |
|
|
|
4y ago |
The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors. |
| CVE-2009-4762 |
high |
— |
7.5 |
|
|
|
16y ago |
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended a… |
| CVE-2010-0669 |
high |
— |
7.5 |
|
|
|
17y ago |
MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors. |
| CVE-2010-0828 |
low |
— |
3.5 |
|
|
|
16y ago |
Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creati… |
| CVE-2011-1058 |
low |
— |
2.6 |
|
|
|
16y ago |
Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote att… |