Your submission was sent successfully! Close

CVE-2021-43331

Published: 12 November 2021

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
mailman
Launchpad, Ubuntu, Debian
bionic
Released (1:2.1.26-1ubuntu0.5)
focal Needs triage

hirsute Does not exist

impish Does not exist

jammy Does not exist

trusty Ignored
(out of standard support)
upstream Needs triage

xenial
Released (1:2.1.20-1ubuntu0.6+esm2)