Cross-site Scripting Vulnerability in Mailman by Python Software Foundation
CVE-2018-0618

5.4MEDIUM

Key Information:

Vendor
Gnu Mailman
Status
Mailman
Vendor
CVE Published:
26 July 2018

Summary

A cross-site scripting vulnerability exists in Mailman versions prior to 2.1.27. This vulnerability permits remote authenticated attackers to inject arbitrary web scripts or HTML, potentially leading to unauthorized actions on behalf of other users or data exfiltration. Attackers can exploit this vulnerability through unspecified vectors, posing significant risks to the integrity of affected mailing lists.

Affected Version(s)

Mailman 2.1.26 and earlier

References

https://mail.python.org/pipermail/mailman-announce/2018-J...
mailing-listx_refsource_MLIST
https://www.debian.org/security/2018/dsa-4246
vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2018/07/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.