Описание
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:2.1.26-1ubuntu0.5 |
| devel | DNE | |
| esm-apps/focal | released | 1:2.1.29-1ubuntu3.1+esm1 |
| esm-infra/bionic | released | 1:2.1.26-1ubuntu0.5 |
| esm-infra/xenial | released | 1:2.1.20-1ubuntu0.6+esm2 |
| focal | ignored | end of standard support, was needed |
| hirsute | DNE | |
| impish | DNE | |
| jammy | DNE | |
| kinetic | DNE |
Показывать по
Ссылки на источники
4.3 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user ...
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
Уязвимость параметров cgi/options.pyв пакета для управления рассылками электронных писем GNU Mailman, связанная с непринятием мер по защите структуры веб-страницы, позволяющая выполнить произвольный JavaScript-код
4.3 Medium
CVSS2
6.1 Medium
CVSS3