CVE-2021-43331
published 2021-11-12CVE-2021-43331: In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| gnu | mailman | < 2.1.36 | 2.1.36 |
| gnu | mailman | >= 0 < 1:2.1.26-1ubuntu0.5 | 1:2.1.26-1ubuntu0.5 |
| gnu | mailman | >= 0 < 1:2.1.20-1ubuntu0.6+esm2 | 1:2.1.20-1ubuntu0.6+esm2 |
| gnu | mailman | >= 0 < 1:2.1.29-1ubuntu3.1+esm1 | 1:2.1.29-1ubuntu3.1+esm1 |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv6.1MEDIUM