CVE-2018-0618

Public on 2020-07-14
Modified on 2020-10-22
Description
A cross-site scripting vulnerability (XSS) has been discovered in mailman due to the host_name field not being properly validated. A malicious list owner could use this flaw to create a specially crafted list and inject client-side scripts.
Severity
Medium
CVSS v3 Base Score
4.8
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 mailman 2020-10-22 18:27 ALAS2-2020-1536
Amazon Linux 1 mailman 2020-07-14 01:54 ALAS-2020-1395

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 4.8 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
NVD CVSSv2 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N
NVD CVSSv3 5.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N