- CVEs with nessus.description==According to its version number, the MoinMoin install hosted on the remote web server is affected by multiple vulnerabilities:
- Versions 1.9.3 up to 1.9.5 are affected by a directory traversal vulnerability because the _do_attachment_move action in 'AttachFile.py' does not properly sanitize user-supplied input. This could allow an unauthenticated, remote attacker to upload and overwrite arbitrary files on the remote host. (CVE-2012-6080)
- Versions 1.9.x up to 1.9.5 are affected by a remote code execution vulnerability because the 'twikidraw.py' action fails to properly sanitize user-supplied input. A remote, unauthenticated attacker could utilize a specially crafted request using directory traversal style characters to upload a file containing arbitrary code to the remote host. An attacker could then execute the code with the privileges of the user that runs the MoinMoin process. (CVE-2012-6081)
- Version 1.9.5 is affected by a cross-site scripting (XSS) vulnerability because the application fails to properly sanitize user-supplied input in the 'page_name' parameter when creating an RSS link. An attacker could leverage this issue to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site. (CVE-2012-6082)
- Versions < 1.9.x are not maintained by MoinMoin developers and should be considered vulnerable.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |