First published: Tue Jan 23 2018
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Mailman | <2.1.26 | |
| Debian Linux | =7.0 | |
| Debian Linux | =8.0 | |
| Debian Linux | =9.0 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =17.10 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server AUS | =7.4 | |
| Red Hat Enterprise Linux Server AUS | =7.6 | |
| Red Hat Enterprise Linux Server EUS | =7.4 | |
| Red Hat Enterprise Linux Server EUS | =7.5 | |
| Red Hat Enterprise Linux Server EUS | =7.6 | |
| Red Hat Enterprise Linux Server TUS | =7.4 | |
| Red Hat Enterprise Linux Server TUS | =7.6 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| Red Hat Enterprise Linux Workstation | =7.0 | |
| redhat/mailman | <2.1.26 | 2.1.26 |
| debian/mailman | <=1:2.1.25-1, <=1:2.1.18-1 | 1:2.1.26-1, 1:2.1.23-1+deb9u2, 1:2.1.18-2+deb8u2 |
| ubuntu/mailman | <1:2.1.23-1ubuntu0.2 | 1:2.1.23-1ubuntu0.2 |
| ubuntu/mailman | <1:2.1.16-2ubuntu0.5 | 1:2.1.16-2ubuntu0.5 |
| ubuntu/mailman | <2.1.26 | 2.1.26 |
| ubuntu/mailman | <1:2.1.20-1ubuntu0.3 | 1:2.1.20-1ubuntu0.3 |
CVE-2018-5950 is a cross-site scripting (XSS) vulnerability in the web UI in Mailman before version 2.1.26, which allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
CVE-2018-5950 has a severity score of 6.1, which is considered medium.
Mailman versions before 2.1.26 are affected by CVE-2018-5950.
To fix CVE-2018-5950, you should update Mailman to version 2.1.26 or apply the recommended security patches provided by your operating system vendor.
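As an added example, not code from this advisory or from the Mailman project, the following Python decides whether an installed Debian or Ubuntu mailman package is still older than the fixed package versions listed in the table above. It implements dpkg's version ordering (epoch, upstream version, Debian revision, with `~` sorting lowest) rather than shelling out to `dpkg --compare-versions`, so it runs anywhere; since the page does not say which Ubuntu release each fixed version belongs to, the check matches the fix by upstream 2.1.x branch, which is an assumption of this example.

```python
# Added example (not the advisory's or Mailman's own code): is an installed Debian or
# Ubuntu mailman package older than the CVE-2018-5950 fix versions listed above?
FIXED = {  # fixed package versions from the table on this page
    "debian": ["1:2.1.26-1", "1:2.1.23-1+deb9u2", "1:2.1.18-2+deb8u2"],
    "ubuntu": ["1:2.1.23-1ubuntu0.2", "1:2.1.20-1ubuntu0.3", "1:2.1.16-2ubuntu0.5"],
}

def _order(c):  # dpkg character weight: '~' < end-of-string or digit < letters < other symbols
    if c == "~":
        return -1
    return 0 if not c or c.isdigit() else ord(c) if c.isalpha() else ord(c) + 256

def _verrevcmp(a, b):
    """Compare an upstream or revision string as dpkg does: non-digit runs by _order, numeric runs by value."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            d = _order(a[i:i + 1]) - _order(b[j:j + 1])  # slicing gives "" past the end
            if d:
                return d
            i, j = i + 1, j + 1
        na = nb = ""
        while i < len(a) and a[i].isdigit():
            na, i = na + a[i], i + 1
        while j < len(b) and b[j].isdigit():
            nb, j = nb + b[j], j + 1
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0

def _split(v):
    """'epoch:upstream-revision' -> (epoch, upstream, revision); epoch 0 and revision '' if absent."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def compare_versions(a, b):
    """<0, 0 or >0 as package version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)

def is_vulnerable(distro, installed):
    """Compare against the fix on the same 2.1.x branch (distro updates keep the upstream
    version and bump the revision); without such a backport, judge the upstream part alone."""
    branch = _split(installed)[1]
    for fixed in FIXED[distro]:
        if _split(fixed)[1] == branch:
            return compare_versions(installed, fixed) < 0
    return _verrevcmp(branch, "2.1.26") < 0  # first upstream release with the fix
```

Feed it the output of `dpkg-query -W -f '${Version}' mailman` from the host being checked; a `True` result means the package still predates the fix for its branch.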
You can find more information about CVE-2018-5950 at the following references: [Packet Storm Security](http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html), [SecurityFocus](http://www.securityfocus.com/bid/104594), [RedHat Security Advisory](https://access.redhat.com/errata/RHSA-2018:0504).