CVE-2020-15011

Severity: 4.3 MEDIUM
EPSS: 1.3% (top 20.05%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 24; Latest update May 24

Description

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

NVD: gnu/mailman < 2.1.33
Ubuntu: mailman < 1:2.1.20-1ubuntu0.6+2

Also affects: Debian Linux 10.0, 8.0, 9.0, Ubuntu Linux 16.04, 18.04

Patches

Vulnerability Details (4)

GHSA: GHSA-fvg8-xwx7-9x5m: GNU Mailman before 2 (2022-05-24)
OSV: mailman vulnerabilities (2021-11-01)
CVEList: CVE-2020-15011: GNU Mailman before 2 (2020-06-24)
OSV: CVE-2020-15011: GNU Mailman before 2 (2020-06-24)

Vendor Advisories (3)

Ubuntu: Mailman vulnerabilities (2021-11-01)
Ubuntu: Mailman vulnerability (2020-06-29)
Red Hat: mailman: arbitrary content injection via the private archive login page (2020-05-07)

Community (2)

Bugzilla: CVE-2020-15011 mailman: arbitrary content injection via the private archive login page [fedora-all] (2020-06-24)
Bugzilla: CVE-2020-15011 mailman: arbitrary content injection via the private archive login page (2020-06-24)