CVE-2018-5950

CVE: CVE-2018-5950
Published: 2018-01-23T16:29Z
Vendor: gnu
Products: mailman
Versions: -, 1.0, 1.1, 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.5.8, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.10b1, 2.1.10b3, 2.1.10b4, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.14-1, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.1.18-1, 2.1.19, 2.1.20, 2.1.21, 2.1.22, 2.1.23,
Description Language: en
Description: Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
References:
https://bugs.launchpad.net/mailman/+bug/1747209
https://lists.debian.org/debian-lts-announce/2018/02/msg00007.html
https://www.debian.org/security/2018/dsa-4108
https://www.mail-archive.com/mailman-users@python.org/msg70375.html