CVE-2018-0618

Advisory

Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.


MLIST:[mailman-announce] 20180622 Mailman 2.1.27 released: https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html
MLIST:[debian-lts-announce] 20180724 [SECURITY] [DLA 1442-1] mailman security update: https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html
DEBIAN:DSA-4246: https://www.debian.org/security/2018/dsa-4246
JVN:JVN#00846677: http://jvn.jp/en/jp/JVN00846677/index.html

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0618
• https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html
• http://jvn.jp/en/jp/JVN00846677/index.html
• https://www.debian.org/security/2018/dsa-4246
• https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html
• https://security.gentoo.org/glsa/201904-10
• https://usn.ubuntu.com/4348-1/