CVE-2021-43331

CWE-79 — Cross-site Scripting (XSS)9 documents6 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 64.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Mailman Debian Debian Linux

Timeline

PublishedNov 12

Latest updateMay 24

Description

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDgnu/mailman< 2.1.36

▶Ubuntumailman< 1:2.1.26-1ubuntu0.5+2

Also affects: Debian Linux 9.0

Patches

Patch: bugs.launchpad.net ↗Patch: bugs.launchpad.net ↗

🔴Vulnerability Details

GHSA

GHSA-25r6-8rph-4cc3: In GNU Mailman before 2↗2022-05-24

▶

OSV

mailman vulnerabilities↗2021-11-25

▶

OSV

mailman vulnerabilities↗2021-11-18

▶

CVEList

CVE-2021-43331: In GNU Mailman before 2↗2021-11-12

▶

OSV

CVE-2021-43331: In GNU Mailman before 2↗2021-11-12

▶

📋Vendor Advisories

Ubuntu

Mailman vulnerabilities↗2021-11-25

▶

Ubuntu

Mailman vulnerabilities↗2021-11-18

▶

Red Hat

mailman: XSS in Cgi/options.py via crafted URL↗2021-11-13

▶