Bug 1537941 (CVE-2018-5950) - CVE-2018-5950 mailman: Cross-site scripting (XSS) vulnerability in web UI
Summary: CVE-2018-5950 mailman: Cross-site scripting (XSS) vulnerability in web UI
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-5950
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1537942 1545966 1545967 1545973 1545974 1545975
Blocks: 1537944
TreeView+ depends on / blocked
 
Reported: 2018-01-24 07:01 UTC by Sam Fowler
Modified: 2019-09-29 14:30 UTC (History)
4 users (show)

Fixed In Version: mailman 2.1.26
Doc Type: If docs needed, set a value
Doc Text:
A cross-site scripting (XSS) flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions.
Clone Of:
Environment:
Last Closed: 2018-03-13 18:51:04 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:0504 normal SHIPPED_LIVE Moderate: mailman security update 2018-03-13 21:18:12 UTC
Red Hat Product Errata RHSA-2018:0505 normal SHIPPED_LIVE Moderate: mailman security update 2018-03-13 21:21:14 UTC

Description Sam Fowler 2018-01-24 07:01:36 UTC
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Reference:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888201

Comment 1 Sam Fowler 2018-01-24 07:01:56 UTC
Created mailman tracking bugs for this issue:

Affects: fedora-all [bug 1537942]

Comment 11 errata-xmlrpc 2018-03-13 16:13:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:0504 https://access.redhat.com/errata/RHSA-2018:0504

Comment 12 errata-xmlrpc 2018-03-13 16:26:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0505 https://access.redhat.com/errata/RHSA-2018:0505


Note You need to log in before you can comment on or make changes to this bug.