CVE-2018-0618

Published: 26/07/2018 | Updated: 06/05/2020
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting vulnerability in Mailman 2.1.26 and previous versions allows remote authenticated malicious users to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Product

gnu mailman

debian debian linux 9.0

debian debian linux 8.0

Vendor Advisories

Synopsis: Moderate: mailman security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for mailman is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) ba ...
Several security issues were fixed in Mailman ...
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered that mailman, a web-based mailing list manager, is prone to a cross-site scripting flaw allowing a malicious listowner to inject scripts into the listinfo page, due to not validated input in the host_name field. For the stable distribution (stretch), this problem has been fixed ...
A cross-site scripting vulnerability (XSS) has been discovered in mailman due to the host_name field not being properly validated. A malicious list owner could use this flaw to create a specially crafted list and inject client-side scripts. (CVE-2018-0618) An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text ...
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. (CVE-2018-0618) An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site. (CVE-2018-13796) ...
A cross-site scripting vulnerability (XSS) has been discovered in mailman due to the host_name field not being properly validated. A malicious list owner could use this flaw to create a specially crafted list and inject client-side scripts ...