Sympa · Sympa · CVE-2018-1000671
**Name of the Vulnerable Software and Affected Versions**
sympa versions 6.2.16 and later
**Description**
An open redirection vulnerability in the `referer` parameter of the wwsympa.fcgi login action allows open redirection and, via data URIs, reflected XSS. Exploitation requires the victim's browser to follow an attacker-supplied URL; the confidentiality and integrity of protected information may be affected.
**Recommendations**
For sympa versions 6.2.16 and later, as a temporary workaround until a patch is available, consider restricting access to the `referer` parameter of the wwsympa.fcgi login action. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
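The class of check that closes both findings above (the open redirect and the data-URI reflected XSS) is a strict validation of the post-login redirect target before it is placed in a `Location` header or an `href`. The following is an added illustration written for this page in Python, not Sympa's own code (wwsympa is Perl); the names `safe_redirect_target`, `ALLOWED_HOSTS`, `DEFAULT_LANDING` and the host `lists.example.org` are assumptions chosen for the example.

```python
from urllib.parse import urlsplit, urlunsplit

# Hypothetical settings for this illustration; a real deployment would take
# them from its own configuration. lists.example.org is a constructed host.
DEFAULT_LANDING = "/sympa"
ALLOWED_HOSTS = {"lists.example.org"}


def safe_redirect_target(referer, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_LANDING):
    """Return a redirect target that stays on this site, or the default.

    Anything with a scheme other than http/https (so data: and javascript:
    URIs never reach a Location header or an href), absolute URLs whose host
    is not allow-listed, scheme-relative '//host' forms, and the backslash
    variants browsers normalise to them all fall back to the default page.
    """
    if not referer:
        return default
    stripped = referer.strip()
    # Control characters such as tab or newline are tolerated by browsers but
    # confuse parsers; treat their presence as a reason to reject outright.
    if not stripped or not all(ch.isprintable() for ch in stripped):
        return default
    # Browsers treat '\' like '/', so normalise before inspecting the URL.
    candidate = stripped.replace("\\", "/")
    parts = urlsplit(candidate)

    if parts.scheme:
        # urlsplit lower-cases the scheme, so 'JAVASCRIPT:' is caught too.
        if parts.scheme not in ("http", "https"):
            return default
        # hostname is the part after any user@ prefix, defeating
        # 'https://trusted@evil' tricks; compare case-insensitively.
        if parts.hostname is None or parts.hostname.lower() not in allowed_hosts:
            return default
        return urlunsplit((parts.scheme, parts.netloc, parts.path or "/", parts.query, ""))

    # No scheme: accept only a site-relative path. A non-empty netloc means the
    # value was '//host/...' (or '/\host/...' before normalisation).
    if parts.netloc or not candidate.startswith("/"):
        return default
    return urlunsplit(("", "", parts.path, parts.query, ""))


if __name__ == "__main__":
    # Constructed sample inputs: a legitimate in-site path, then several
    # shapes a redirect validator must refuse.
    for sample in (
        "/sympa/lists?x=1",
        "//evil.example/x",
        "/\\evil.example/x",
        "data:text/html,<script>alert(1)</script>",
        "javascript:alert(1)",
        "https://lists.example.org/sympa/info/test",
        "https://lists.example.org@evil.example/",
    ):
        print(repr(sample), "->", safe_redirect_target(sample))
```

The function returns a value the application can use unconditionally, so callers never need a second "is it safe" branch; the fragment is dropped because it is not part of the server-side navigation and is a common place to smuggle script into client-side routers.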