PT-2021-5364
Mark Sapiro · Published 2021-11-12 · Updated 2022-12-09
CVE-2021-43331 · CVSS v3.1 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
GNU Mailman versions prior to 2.1.36
Description
A crafted URL to the "Cgi/options.py" user options page can execute arbitrary JavaScript in the browser of whoever opens it (cross-site scripting, XSS). The root cause is the CWE-79 weakness class, improper neutralization of input during web page generation: request-supplied values are reflected into the generated page without adequate escaping, so attacker-controlled markup becomes part of the page structure. A remote, unauthenticated attacker who gets a victim to follow the link can run arbitrary script in the context of the Mailman site, which is what the vector expresses (PR:N, UI:R, S:C).
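The weakness class behind this advisory, as an added illustration that is not Mailman's own code (this page does not reproduce Cgi/options.py): a request-derived value is reflected into the HTML of an options page once verbatim, which is the vulnerable pattern, and once escaped, which is the fix pattern. The URL layout /mailman/options/<list>/<user>, the page skeleton, the parameter names and the crafted URL are all constructed for the demo.

```python
"""Reflected XSS (CWE-79) illustration for CVE-2021-43331.

Added example code, not Mailman's Cgi/options.py.  The path layout,
page skeleton and crafted URL below are assumptions made for the demo.
"""
import html
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed crafted link: the <user> path segment carries a script payload.
CRAFTED_URL = (
    "http://lists.example.org/mailman/options/announce/"
    "%22%3E%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E"
)


def parse_options_url(url):
    """Return (listname, user, query) from an options-page style URL.

    The layout /mailman/options/<list>/<user> is an assumption for this
    example; anything else is rejected rather than guessed at.
    """
    parts = urlsplit(url)
    segs = [unquote(s) for s in parts.path.split("/") if s]
    if len(segs) != 4 or segs[:2] != ["mailman", "options"]:
        raise ValueError("not an options-page URL: %r" % url)
    return segs[2], segs[3], parse_qs(parts.query)


def render_options_page(listname, user, escape):
    """Build a minimal options page from request-derived values.

    escape=False interpolates the values verbatim (the vulnerable pattern:
    the user string becomes part of the page structure).  escape=True runs
    every request-derived value through html.escape, which neutralises
    <, >, &, " and ' so the value can only ever be text or attribute data.
    """
    enc = html.escape if escape else (lambda s: s)
    return (
        "<html><body>\n"
        "<h1>%s mailing list membership configuration for %s</h1>\n"
        '<form action="/mailman/options/%s/%s" method="post">\n'
        '<input type="hidden" name="email" value="%s">\n'
        "</form></body></html>"
    ) % (enc(listname), enc(user), enc(listname), enc(user), enc(user))


def is_reflected_unescaped(page, value):
    """Regression check: True if a request value appears verbatim in the
    output.  A value containing markup that survives intact means the page
    is injectable."""
    return value in page


def demo(url=CRAFTED_URL):
    """Render the crafted request both ways and report whether the payload
    survives.  Returns a dict so the outcome can be asserted on."""
    listname, user, _query = parse_options_url(url)
    vulnerable = render_options_page(listname, user, escape=False)
    fixed = render_options_page(listname, user, escape=True)
    return {
        "user": user,
        "vulnerable_reflects_payload": is_reflected_unescaped(vulnerable, user),
        "fixed_reflects_payload": is_reflected_unescaped(fixed, user),
        "fixed_page": fixed,
    }


if __name__ == "__main__":
    result = demo()
    print("payload:", result["user"])
    print("vulnerable page injectable:", result["vulnerable_reflects_payload"])
    print("fixed page injectable:", result["fixed_page"] and result["fixed_reflects_payload"])
```

The same value is interpolated into element text, a URL path in an attribute and an attribute value; html.escape with its default quote=True covers all three contexts here, but a value placed inside a script block or a javascript: URL would need context-specific encoding that plain HTML escaping does not provide.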
Recommendations
Update GNU Mailman to version 2.1.36 or later, which fixes the issue; the installed version can be checked with bin/version in the Mailman install prefix. Where the update cannot be applied immediately, restrict access to the Cgi/options.py page (for example with a web server access rule) and avoid using it for sensitive operations until the update is in place. For the distribution packages listed under Affected Products, rely on the vendor's patched package version rather than the upstream version number alone, since fixes are commonly backported.
Weakness Enumeration
XSS (cross-site scripting)
Affected Products
Alt Linux
Gnu Mailman
Linuxmint
Suse
Ubuntu