AVG-2552 log
| Package | mailman |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 2.1.35-1 |
| Fixed | 2.1.37-1 |
| Current | Removed |
| Ticket | None |
| Created | Fri Nov 12 23:19:50 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-43332 | Medium | Yes | Private key recovery | In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could... |
| CVE-2021-43331 | Medium | Yes | Cross-site scripting | In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for cross-site scripting (XSS). |