{"id":"CVE-2020-15275","details":"MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.","aliases":["GHSA-4q96-6xhq-ff43","PYSEC-2020-241"],"modified":"2026-04-10T04:22:53.953084Z","published":"2020-11-11T16:15:13.237Z","related":["GHSA-4q96-6xhq-ff43","openSUSE-SU-2020:1966-1","openSUSE-SU-2020:1998-1"],"references":[{"type":"ADVISORY","url":"https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11"},{"type":"ADVISORY","url":"https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43"},{"type":"FIX","url":"https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2"},{"type":"EVIDENCE","url":"https://advisory.checkmarx.net/advisory/CX-2020-4285"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/moinwiki/moin-1.9","events":[{"introduced":"0"},{"fixed":"bd1bf26293fd15e1246a57ebee7044beb88309af"},{"fixed":"31de9139d0aabc171e94032168399b4a0b2a88a2"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.9.11"}]}}],"versions":["1.9.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15275.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}