Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
2018-01-23T16:29:01.647
2024-11-21T04:09:44.107
Modified
CVSSv3.1: 6.1 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | gnu | mailman | < 2.1.26 | Yes |
Operating System | debian | debian_linux | 7.0 | Yes |
Operating System | debian | debian_linux | 8.0 | Yes |
Operating System | debian | debian_linux | 9.0 | Yes |
Operating System | canonical | ubuntu_linux | 14.04 | Yes |
Operating System | canonical | ubuntu_linux | 16.04 | Yes |
Operating System | canonical | ubuntu_linux | 17.10 | Yes |
Operating System | redhat | enterprise_linux_desktop | 6.0 | Yes |
Operating System | redhat | enterprise_linux_desktop | 7.0 | Yes |
Operating System | redhat | enterprise_linux_server | 6.0 | Yes |
Operating System | redhat | enterprise_linux_server | 7.0 | Yes |
Operating System | redhat | enterprise_linux_server_aus | 7.4 | Yes |
Operating System | redhat | enterprise_linux_server_aus | 7.6 | Yes |
Operating System | redhat | enterprise_linux_server_eus | 7.4 | Yes |
Operating System | redhat | enterprise_linux_server_eus | 7.5 | Yes |
Operating System | redhat | enterprise_linux_server_eus | 7.6 | Yes |
Operating System | redhat | enterprise_linux_server_tus | 7.4 | Yes |
Operating System | redhat | enterprise_linux_server_tus | 7.6 | Yes |
Operating System | redhat | enterprise_linux_workstation | 6.0 | Yes |
Operating System | redhat | enterprise_linux_workstation | 7.0 | Yes |