{"id":"PYSEC-2020-241","details":"MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious JavaScript. This JavaScript is executed in a user's browser when the user views that SVG file on the wiki (stored cross-site scripting). Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.","aliases":["CVE-2020-15275","GHSA-4q96-6xhq-ff43"],"modified":"2023-11-08T04:02:36.383393Z","published":"2020-11-11T16:15:00Z","references":[{"type":"FIX","url":"https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2"},{"type":"ADVISORY","url":"https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43"},{"type":"WEB","url":"https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11"},{"type":"ADVISORY","url":"https://advisory.checkmarx.net/advisory/CX-2020-4285"}],"affected":[{"package":{"name":"moin","ecosystem":"PyPI","purl":"pkg:pypi/moin"},"ranges":[{"type":"GIT","repo":"https://github.com/moinwiki/moin-1.9","events":[{"introduced":"0"},{"fixed":"31de9139d0aabc171e94032168399b4a0b2a88a2"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.11"}]}],"versions":["1.8.4","1.8.5","1.8.6","1.8.7","1.9.0","1.9.1","1.9.10","1.9.2","1.9.3","1.9.4","1.9.5","1.9.6","1.9.7","1.9.8","1.9.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2020-241.yaml"}}],"schema_version":"1.7.3"}