Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2020-15275

Good to know:

icon
icon

Date: November 11, 2020

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.

Language: Python

Severity Score

Related Resources (9)

https://github.com/moinwiki/moin-1.9
https://advisory.checkmarx.net/advisory/CX-2020-4285
https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43
https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2020-241.yaml
https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11
https://pypi.org/project/moin
https://nvd.nist.gov/vuln/detail/CVE-2020-15275
https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2
https://www.mend.io/vulnerability-database/CVE-2020-15275

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

icon

Upgrade Version

Upgrade to version moin - 1.9.11

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): SINGLE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us