{"id":"CVE-2020-15275","details":"MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.","aliases":["GHSA-4q96-6xhq-ff43","PYSEC-2020-241"],"modified":"2026-05-19T04:01:02.578362366Z","published":"2020-11-11T16:15:13.237Z","related":["openSUSE-SU-2020:1966-1","openSUSE-SU-2020:1998-1"],"database_specific":{},"references":[{"type":"ADVISORY","url":"https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11"},{"type":"ADVISORY","url":"https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43"},{"type":"FIX","url":"https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2"},{"type":"EVIDENCE","url":"https://advisory.checkmarx.net/advisory/CX-2020-4285"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/moinwiki/moin-1.9","events":[{"introduced":"0"},{"fixed":"bd1bf26293fd15e1246a57ebee7044beb88309af"},{"fixed":"31de9139d0aabc171e94032168399b4a0b2a88a2"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.9.11"}],"cpe":"cpe:2.3:a:moinmo:moinmoin:*:*:*:*:*:*:*:*","source":["CPE_FIELD","REFERENCES"]}}],"versions":["1.9.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15275.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}