← Back

CVE-2018-5950

nvd nist
Published: Jan 23, 2018Modified: Nov 21, 2024

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.

Affected (20)

Products: Gnu: Mailman · Debian: Debian Linux · Canonical: Ubuntu Linux · +1 more
Show all products
Gnu: Mailman · Debian: Debian Linux · Canonical: Ubuntu Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Server Tus, Enterprise Linux Workstation
Gnu
1 product
Mailman
Debian
1 product
Debian Linux
Canonical
1 product
Ubuntu Linux
Redhat
6 products
Enterprise Linux Desktop
Enterprise Linux Server
Enterprise Linux Server Aus
Enterprise Linux Server Eus
Enterprise Linux Server Tus
Enterprise Linux Workstation
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Mailman
Before 2.1.26
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 7.0
Debian Linux
Version 8.0
Debian Linux
Version 9.0
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 16.04
Ubuntu Linux
Version 17.10
Configuration D
13 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux Desktop
Version 6.0
Enterprise Linux Desktop
Version 7.0
Redhat
Enterprise Linux Server
Version 6.0
Enterprise Linux Server
Version 7.0
Redhat
Enterprise Linux Server Aus
Version 7.4
Enterprise Linux Server Aus
Version 7.6
Redhat
Enterprise Linux Server Eus
Version 7.4
Enterprise Linux Server Eus
Version 7.5
Enterprise Linux Server Eus
Version 7.6
Redhat
Enterprise Linux Server Tus
Version 7.4
Enterprise Linux Server Tus
Version 7.6
Redhat
Enterprise Linux Workstation
Version 6.0
Enterprise Linux Workstation
Version 7.0

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (18)

Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Issue TrackingPatchThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.