{"containers": {"cna": {"affected": [{"product": "moin-1.9", "vendor": "moinwiki", "versions": [{"status": "affected", "version": "< 1.9.11"}]}], "descriptions": [{"lang": "en", "value": "MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-30T21:15:23", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2"}, {"tags": ["x_refsource_MISC"], "url": "https://advisory.checkmarx.net/advisory/CX-2020-4285"}], "source": {"advisory": "GHSA-4q96-6xhq-ff43", "discovery": "UNKNOWN"}, "title": "malicious SVG attachment causing stored XSS vulnerability in MoinMoin", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15275", "STATE": "PUBLIC", "TITLE": "malicious SVG attachment causing stored XSS vulnerability in MoinMoin"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "moin-1.9", "version": {"version_data": [{"version_value": "< 1.9.11"}]}}]}, "vendor_name": "moinwiki"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43", "refsource": "CONFIRM", "url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43"}, {"name": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11", "refsource": "MISC", "url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11"}, {"name": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2", "refsource": "MISC", "url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2"}, {"name": "https://advisory.checkmarx.net/advisory/CX-2020-4285", "refsource": "MISC", "url": "https://advisory.checkmarx.net/advisory/CX-2020-4285"}]}, "source": {"advisory": "GHSA-4q96-6xhq-ff43", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:15:19.004Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://advisory.checkmarx.net/advisory/CX-2020-4285"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15275", "datePublished": "2020-11-11T15:45:15", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:15:19.004Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*", "matchCriteriaId": "90280389-72FE-47AD-9A03-4287C050976A", "versionEndExcluding": "1.9.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes."}, {"lang": "es", "value": "MoinMoin es un motor de wiki. En MoinMoin antes de la versi\u00f3n 1.9.11, un atacante con permisos de escritura puede cargar un archivo SVG que contiene javascript malicioso. Este javascript se ejecutar\u00e1 en el navegador de un usuario cuando el usuario est\u00e9 viendo ese archivo SVG en la wiki. Se recomienda encarecidamente a los usuarios que se actualicen a una versi\u00f3n parcheada. MoinMoin Wiki versi\u00f3n 1.9.11 tiene las correcciones necesarias y tambi\u00e9n contiene otras correcciones importantes"}], "id": "CVE-2020-15275", "lastModified": "2024-11-21T05:05:14.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-11T16:15:13.237", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://advisory.checkmarx.net/advisory/CX-2020-4285"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://advisory.checkmarx.net/advisory/CX-2020-4285"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}