CVE-2020-12108

CWE-74 CWE-79 — Cross-site Scripting (XSS)10 documents7 sources

Severity

6.5MEDIUM

EPSS

8.0%

top 7.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Mailman Canonical Ubuntu Linux Debian Debian Linux +3 more

Timeline

PublishedMay 6

Latest updateMay 24

Description

/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDgnu/mailman< 2.1.31

▶Ubuntumailman< 1:2.1.20-1ubuntu0.5+2

▶NVDopensuse/leap15.1, 15.2+1

▶NVDopensuse/backports_sle15.0

Also affects: Debian Linux 10.0, 9.0, Fedora 31, Ubuntu Linux 16.04, 18.04

Patches

Patch: bugs.launchpad.net ↗Patch: bugs.launchpad.net ↗

🔴Vulnerability Details

GHSA

GHSA-67xg-7gqq-pccf: /options/mailman in GNU Mailman before 2↗2022-05-24

▶

OSV

mailman vulnerabilities↗2021-11-01

▶

OSV

CVE-2020-12108: /options/mailman in GNU Mailman before 2↗2020-05-06

▶

CVEList

CVE-2020-12108: /options/mailman in GNU Mailman before 2↗2020-05-06

▶

📋Vendor Advisories

Ubuntu

Mailman vulnerabilities↗2021-11-01

▶

Ubuntu

Mailman vulnerability↗2020-05-11

▶

Red Hat

mailman: arbitrary content injection via the options login page↗2020-05-06

▶

💬Community

Bugzilla

CVE-2020-12108 mailman: arbitrary content injection via the options login page↗2020-06-19

▶

Bugzilla

CVE-2020-12108 mailman: /options/mailman allows Arbitrary Content Injection [fedora-31]↗2020-06-19

▶