Note:
This project will be discontinued after December 13, 2021. [more]
2018-07-26
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
| Products | Debian_linux, Mailman |
| Type | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://security.gentoo.org/glsa/201904-10
• http://jvn.jp/en/jp/JVN00846677/index.html • https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html • https://usn.ubuntu.com/4348-1/ • https://www.debian.org/security/2018/dsa-4246 |