vendor: Mailman
by: Valerio Alessandroni

Mailman 1.x > 2.1.23 – Cross Site Scripting (XSS)

A cross-site scripting (XSS) vulnerability in the web UI of Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. A URL-encoded version of the payload is %22%61%63%63%65%73%73%6b%65%79%3d%22%78%22%6f%6e%63%6c%69%63%6b%3d%22%61%6c%65%72%74%60%58%53%53%60%22. To trigger the alert, the victim has to press ALT+SHIFT+X, where X is the key set in the accesskey attribute of the payload.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the application.
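The payload above works by closing the quoted HTML attribute that a user-supplied value lands in and starting new attributes (accesskey, onclick) of its own, so the mitigation that matters is escaping for the HTML attribute context, not just input validation. The example below is added here and is not Mailman's code: render_unsafe and render_safe are hypothetical templates that model the bug class and its fix, and event_handler_attributes is a small check that parses the rendered markup and reports any on* attributes, which is the observable a reviewer or test suite can assert on. The only page-derived value is the URL-encoded payload from the description.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote

# URL-encoded payload quoted in the advisory; decoded the same way a web
# server decodes a query-string parameter.
PAGE_PAYLOAD = ("%22%61%63%63%65%73%73%6b%65%79%3d%22%78%22%6f%6e%63%6c%69%63"
                "%6b%3d%22%61%6c%65%72%74%60%58%53%53%60%22")


def decode_payload() -> str:
    """Return the payload as the application would actually receive it."""
    return unquote(PAGE_PAYLOAD)


def render_unsafe(value: str) -> str:
    """Hypothetical vulnerable template: the user-controlled value is
    interpolated verbatim into a double-quoted attribute, so a value that
    contains a double quote closes the attribute early."""
    return f'<input type="text" name="email" value="{value}">'


def render_safe(value: str) -> str:
    """Hardened form: html.escape with quote=True encodes & < > " and ',
    so the value can neither terminate the attribute nor add new ones."""
    return f'<input type="text" name="email" value="{html.escape(value, quote=True)}">'


class _AttrCollector(HTMLParser):
    """Collects the attribute names of every start tag in the markup."""

    def __init__(self) -> None:
        super().__init__()
        self.attr_names: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.attr_names.extend(name for name, _ in attrs)


def event_handler_attributes(markup: str) -> list[str]:
    """Parse rendered markup and return every attribute whose name starts
    with 'on' (onclick, onload, ...).  A template that never emits event
    handlers should always yield an empty list here."""
    parser = _AttrCollector()
    parser.feed(markup)
    parser.close()
    return sorted(name for name in parser.attr_names if name.startswith("on"))


if __name__ == "__main__":
    value = decode_payload()
    print("decoded payload:", value)
    print("unsafe render  :", event_handler_attributes(render_unsafe(value)))
    print("safe render    :", event_handler_attributes(render_safe(value)))
```

Running the module shows the unsafe template producing an onclick attribute from the decoded payload while the escaped template produces none. The same parse-and-inspect check can be dropped into a regression test for any view that reflects request data into markup, which is a more reliable gate than looking for string fragments in the output.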