CVE-2020-15275
PUBLISHED
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious JavaScript. This JavaScript is executed in a user's browser when the user views that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.
Risk Scores
EPSS Score: 0.42% · 62.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | moin | 1.9.9-1ubuntu1, 1.9.9-1ubuntu1.1, 0 |
| Ubuntu:16.04:LTS | moin | 1.9.8-1ubuntu1.16.04.1, 0, 1.9.8-1ubuntu1.16.04.2 |
Exploit Intelligence
- https://advisory.checkmarx.net/advisory/CX-2020-4285 (nist-nvd)
- https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43 (circl)
- https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11 (circl)
- https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2 (circl)
Timeline
- Nov 9, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-15275 third-party-advisory
- https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43 third-party-advisory
- https://github.com/moinwiki/moin-1.9/commit/64e16037a60646a4d834f0203c75481b9c3fa74c third-party-advisory
- https://ubuntu.com/security/notices/USN-4629-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-15275 third-party-advisory