rpm package
suse/moinmoin-wiki&distro=SUSE Package Hub 15 SP2
pkg:rpm/suse/moinmoin-wiki&distro=SUSE%20Package%20Hub%2015%20SP2
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-15275 | — | < 1.9.11-bp152.4.3.1 | 1.9.11-bp152.4.3.1 | Nov 11, 2020 | MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly | ||
| CVE-2020-25074 | — | < 1.9.11-bp152.4.3.1 | 1.9.11-bp152.4.3.1 | Nov 10, 2020 | The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution. |
- CVE-2020-15275Nov 11, 2020affected < 1.9.11-bp152.4.3.1fixed 1.9.11-bp152.4.3.1
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly
- CVE-2020-25074Nov 10, 2020affected < 1.9.11-bp152.4.3.1fixed 1.9.11-bp152.4.3.1
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.