Описание
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
A cross-site scripting vulnerability (XSS) has been discovered in mailman due to the host_name field not being properly validated. A malicious list owner could use this flaw to create a specially crafted list and inject client-side scripts.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | mailman | Will not fix | ||
| Red Hat Enterprise Linux 6 | mailman | Will not fix | ||
| Red Hat Enterprise Linux 8 | mailman | Not affected | ||
| Red Hat Enterprise Linux 7 | mailman | Fixed | RHSA-2020:1054 | 31.03.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.8 Medium
CVSS3
Связанные уязвимости
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allow ...
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
EPSS
4.8 Medium
CVSS3