AVG-2552
Field | Value
---|---
Package | mailman
Status | Fixed
Severity | Medium
Type | multiple issues
Affected | 2.1.35-1
Fixed | 2.1.37-1
Current | Removed
Ticket | None
Created | Fri Nov 12 23:19:50 2021

Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2021-43332 | Medium | Yes | Private key recovery | In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could... |
CVE-2021-43331 | Medium | Yes | Cross-site scripting | In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for cross-site scripting (XSS). |