CVE-2018-5950

Опубликовано: 20 янв. 2018

Источник: redhat

CVSS3: 6.1

Описание

Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.

A cross-site scripting (XSS) flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	mailman	Will not fix
Red Hat Enterprise Linux 8	mailman	Not affected
Red Hat Enterprise Linux 6	mailman	Fixed	RHSA-2018:0504	13.03.2018
Red Hat Enterprise Linux 7	mailman	Fixed	RHSA-2018:0505	13.03.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=1537941mailman: Cross-site scripting (XSS) vulnerability in web UI

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2018-5950

CVSS3: 6.1

ubuntu

больше 7 лет назад

Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.

CVE-2018-5950

CVSS3: 6.1

nvd

больше 7 лет назад

Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.

CVE-2018-5950

CVSS3: 6.1

debian

больше 7 лет назад

Cross-site scripting (XSS) vulnerability in the web UI in Mailman befo ...

openSUSE-SU-2018:0800-1

suse-cvrf

около 7 лет назад

Security update for mailman

GHSA-224g-q27w-pv8f

CVSS3: 6.1

github

около 3 лет назад

Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.

6.1 Medium

CVSS3