CVE-2018-13796

Public on 2018-07-12
Modified on 2020-10-22
Description

An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.

Severity
Medium
See what this means
CVSS v3 Base Score
4.3
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 mailman 2020-07-14 01:54 ALAS-2020-1395
Amazon Linux 2 - Core mailman 2020-10-22 18:27 ALAS2-2020-1536

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
NVD CVSSv2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N
NVD CVSSv3 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N