CVE-2018-5950

Public on 2018-01-23

Modified on 2018-04-05

Description

A cross-site scripting (XSS) flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions.

Severity

Medium

See what this means

CVSS v3 Base Score

6.1

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	mailman	2018-04-05 16:46	ALAS-2018-985
Amazon Linux 2 - Core	mailman	2018-04-05 16:09	ALAS2-2018-985

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
NVD	CVSSv2	4.3	AV:N/AC:M/Au:N/C:N/I:P/A:N
NVD	CVSSv3	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

Red Hat: CVE-2018-5950 Mitre: CVE-2018-5950 FAQs regarding Amazon Linux ALAS/CVE Severity