CVE-2021-43331

Public on 2021-11-12

Modified on 2024-01-30

Description

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.

Severity

Medium

CVSS v3 Base Score

6.1

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 2 - Core	mailman	2023-11-29	ALAS2-2023-2370	Fixed