Vulnerabilities > GNU > Mailman > 2.1.18

DATE CVE VULNERABILITY TITLE RISK
2020-05-06 CVE-2020-12108 Injection vulnerability in multiple products
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
network
low complexity
gnu debian fedoraproject opensuse canonical CWE-74
6.5
2020-04-24 CVE-2020-12137 Cross-site Scripting vulnerability in multiple products
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts.
network
low complexity
gnu debian fedoraproject canonical opensuse CWE-79
6.1
2018-07-26 CVE-2018-0618 Cross-site Scripting vulnerability in multiple products
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
gnu debian CWE-79
5.4
2018-07-12 CVE-2018-13796 Improper Input Validation vulnerability in GNU Mailman
An issue was discovered in GNU Mailman before 2.1.28.
network
low complexity
gnu CWE-20
6.5
2018-01-23 CVE-2018-5950 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
network
low complexity
gnu debian canonical redhat CWE-79
6.1
2016-09-02 CVE-2016-6893 Cross-Site Request Forgery (CSRF) vulnerability in GNU Mailman
Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.
network
low complexity
gnu CWE-352
8.8