Cross-site Scripting Vulnerability in Mailman by GNU
CVE-2018-5950

6.1MEDIUM

Key Information:

Vendor

Gnu
Status
Mailman
Vendor
CVE Published:
23 January 2018

What is CVE-2018-5950?

The web UI in Mailman prior to version 2.1.26 is susceptible to a Cross-site Scripting (XSS) attack. This vulnerability enables remote attackers to inject arbitrary web scripts or HTML via manipulating user-options URLs. Successful exploitation could allow attackers to compromise user sessions or redirect users to malicious sites, making it imperative for users to upgrade to the latest version to mitigate potential security risks.

References

http://www.securityfocus.com/bid/104594
vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2018:0504
vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3563-1/
vendor-advisoryx_refsource_UBUNTU

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.