Description

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.

Remediation

References

CVE-2020-15011

Related Vulnerabilities

WordPress Plugin Improved user search in backend Cross-Site Request Forgery (1.2.4)

Python Untrusted Search Path Vulnerability (CVE-2023-41105)

MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-31548)

WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.13)

WordPress Plugin UserPro-Community and User Profile Cross-Site Scripting (4.9.23)

Severity

Medium

Classification

CVE-2020-15011 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities