CVE-2018-0618

Public on 2018-07-26
Modified on 2020-10-22
Description
A cross-site scripting vulnerability (XSS) has been discovered in mailman due to the host_name field not being properly validated. A malicious list owner could use this flaw to create a specially crafted list and inject client-side scripts.
Severity
Medium severity
Medium
CVSS v3 Base Score
4.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 mailman 2020-07-14 ALAS-2020-1395 Fixed
Amazon Linux 2 - Core mailman 2020-10-22 ALAS2-2020-1536 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 4.8 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
NVD CVSSv2 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N
NVD CVSSv3 5.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References

Red Hat: CVE-2018-0618 Mitre: CVE-2018-0618