Description

An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.

Remediation

References

CVE-2018-13796

Related Vulnerabilities

WordPress Plugin Monsters Editor for WP Super Edit Arbitrary File Upload (1.1)

Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-11585)

WordPress Plugin Popup Builder-Create highly converting, mobile friendly marketing popups Server-Side Request Forgery (4.2.5)

Oracle Database Server CVE-2024-21233 Vulnerability (CVE-2024-21233)

WordPress Plugin Portfolio by BestWebSoft Multiple Cross-Site Scripting Vulnerabilities (2.27)

Severity

Medium

Classification

CVE-2018-13796 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities