CVE-2020-15275

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.

Published: Nov 11, 2020
Updated: May 9, 2024
CVE: CVE-2020-15275
GHSA: GHSA-4q96-6xhq-ff43
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
moinmo / moinmoin	-	1.9.11
moin	-	1.9.11

https://advisory.checkmarx.net/advisory/CX-2020-4285
https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2
https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11
https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43
https://pypi.org/project/moin/

Vulnerability Database

CVE-2020-15275

Deep Security Visibility Without the Complexity