FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mailman -- Cross-site scripting (XSS) vulnerability in the web UI

Affected packages
mailman < 2.1.26
mailman-with-htdig < 2.1.26
ja-mailman <= 2.1.14.j7_3,1

Details

VuXML ID 3d0eeef8-0cf9-11e8-99b0-d017c2987f9a
Discovery 2018-01-20
Entry 2018-02-08

Mark Sapiro reports:

An XSS vulnerability in the user options CGI could allow a crafted URL to execute arbitrary javascript in a user's browser. A related issue could expose information on a user's options page without requiring login.

References

CVE Name CVE-2018-5950
URL https://www.mail-archive.com/mailman-users@python.org/msg70478.html