PT-2018-17241 · Gnu+5 · Mailman+5

Calum Hutton · Published 2018-01-23 · Updated 2020-11-10 · CVE-2018-5950

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Mailman versions prior to 2.1.26
Description: The issue is related to a cross-site scripting (XSS) vulnerability in the web UI. This allows remote attackers to inject arbitrary web script or HTML via a user-options URL. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.
Recommendations: For Mailman versions prior to 2.1.26, update to version 2.1.26 or later to resolve the issue. As a temporary workaround, consider restricting access to the web UI to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

ALT-PU-2018-1315
CESA-2018_0504
CESA-2018_0505
CVE-2018-5950
DLA-1272-1
DSA-4108-1
MGASA-2018-0184
RHSA-2018:0504
RHSA-2018:0505
RHSA-2018_0504
RHSA-2018_0505
SUSE-SU-2018:4296-1
SUSE-SU-2019:13924-1
USN-3563-1

Affected products

Alt Linux
Centos
Mailman
Red Hat
Suse
Ubuntu