CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.

**Potential XSS attack via the user options page.**

Bug #1949401 reported by Mark Sapiro on 2021-11-01

This bug affects 1 person

Affects

Status

Importance

Assigned to

Milestone

GNU Mailman

Fix Released

Medium

Mark Sapiro

GNU Mailman 2.1.36

**Bug Description**

A crafted URL to the user options page can execute arbitrary javascript.

**Related branches**

Changed in mailman:

**status**:

In Progress → Fix Released

**information type**:

Private Security → Public Security

To post a comment you must log in.

*   Report a bug

This report contains **Public Security** information

Everyone can see this security related information.

**Other bug subscribers**

Headline

CVE-2021-43331: Bug #1949401 “Potential XSS attack via the user options page.” : Bugs : GNU Mailman

CVE: Latest News