Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Canonical |
|
| Debian |
|
| Gnu |
|
| Redhat |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Enterprise Linux 6 | |||
| mailman-3:2.1.12-26.el6_9.3 | cpe:/o:redhat:enterprise_linux:6 | RHSA-2018:0504 | 2018-03-13T00:00:00Z |
| Red Hat Enterprise Linux 7 | |||
| mailman-3:2.1.15-26.el7_4.1 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2018:0505 | 2018-03-13T00:00:00Z |
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-1272-1 | mailman security update |
 Debian DSA |
DSA-4108-1 | mailman security update |
 EUVD |
EUVD-2018-17717 | Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. |
 Ubuntu USN |
USN-3563-1 | Mailman vulnerability |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sat, 12 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T05:47:56.171Z
Reserved: 2018-01-19T00:00:00
Link: CVE-2018-5950
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-01-23T16:29:01.647
Modified: 2024-11-21T04:09:44.107
Link: CVE-2018-5950
Redhat
OpenCVE Enrichment
No data.