
CVE-2018-1000671

Published: 6 September 2018

Sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter of the wwsympa.fcgi login action that can result in open redirection and reflected XSS via data URIs. The attack appears to be exploitable when the victim's browser follows a URL supplied by the attacker. The CVE description lists no fixed version ("none available").

Priority

Medium

CVSS 3 base score: 6.1

Status

Package: sympa (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Needed
cosmic     Ignored (reached end-of-life)
disco      Not vulnerable (6.2.40~dfsg-1)
eoan       Not vulnerable (6.2.40~dfsg-1)
focal      Not vulnerable (6.2.40~dfsg-1)
groovy     Not vulnerable (6.2.40~dfsg-1)
hirsute    Not vulnerable (6.2.40~dfsg-1)
impish     Not vulnerable (6.2.40~dfsg-1)
jammy      Not vulnerable (6.2.40~dfsg-1)
kinetic    Not vulnerable (6.2.40~dfsg-1)
precise    Does not exist
trusty     Released (6.1.17~dfsg-1ubuntu0.1~esm1)
upstream   Released (6.2.36~dfsg-1)
xenial     Ignored (end of standard support, was needed)

Patches:
upstream: https://github.com/sympa-community/sympa/commit/03314a9baf7f7903283253829877afd0ae50e325
upstream: https://github.com/sympa-community/sympa/commit/c6ce32a6c203070702eac45a4442a17d2bf7b0c1