Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888201
Created mailman tracking bugs for this issue:
  Affects: fedora-all [bug 1537942]
Upstream bug report: https://bugs.launchpad.net/mailman/+bug/1747209
Upstream commit: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1743
Upstream announcement: https://www.mail-archive.com/mailman-users@python.org/msg70478.html
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 6
Via RHSA-2018:0504 https://access.redhat.com/errata/RHSA-2018:0504
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 7
Via RHSA-2018:0505 https://access.redhat.com/errata/RHSA-2018:0505