2018-01-23
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
Products | Ubuntu_linux, Debian_linux, Mailman, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation |
Type | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
First patch | - None (likely due to unavailable code) |
Links |
• https://www.mail-archive.com/mailman-users%40python.org/msg70375.html
• https://lists.debian.org/debian-lts-announce/2018/02/msg00007.html
• https://usn.ubuntu.com/3563-1/
• http://www.securityfocus.com/bid/104594
• http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html |