Your submission was sent successfully! Close

CVE-2018-5950

Published: 23 January 2018

Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
mailman
Launchpad, Ubuntu, Debian
artful
Released (1:2.1.23-1ubuntu0.2)
precise Does not exist

trusty Does not exist
(trusty was released [1:2.1.16-2ubuntu0.5])
upstream
Released (2.1.26)
xenial
Released (1:2.1.20-1ubuntu0.3)