Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
security/vuxml: document mail/mailman < 2.1.37 issues
- A potential XSS attack via the user options page has been reported by Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401) LP: A crafted URL to the user options page can execute arbitrary javascript. - A potential for for a list moderator to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed. CVE-2021-43332 (LP: #1949403) LP: The CSRF token for the admindb page contains an encrypted version of the list admin password which could potentially be cracked by a moderator via an off-line brute force attack. Security: 9d7a2b54-4468-11ec-8532-0d24c37c72c8 Security: CVE-2021-43331 Security: CVE-2021-43332
- Loading branch information