16973 matches found

OSV
added 2021/09/10 2:15 p.m. · 1 view

CVE-2021-38354

The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gmerror parameter found in the /includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6...

CVSS 6.1 · AI score 5.8 · EPSS 0.00866
Exploits: 1 · References: 2

NVD
added 2021/09/10 2:15 p.m. · 7 views

CVE-2021-38354

The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gmerror parameter found in the /includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6...

CVSS 6.1 · EPSS 0.00866
Exploits: 1 · References: 2

Prion
added 2021/09/10 2:15 p.m. · 17 views

Cross site scripting

The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gmerror parameter found in the /includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6...

CVSS 4.3 · AI score 6.1 · EPSS 0.00866
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2021/09/10 1:34 p.m. · 7 views

CVE-2021-38354 GNU-Mailman Integration <= 1.0.6 Reflected Cross-Site Scripting

The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gmerror parameter found in the /includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6...

CVSS 6.1 · AI score 6.1 · EPSS 0.00866
Exploits: 1 · References: 2

CVE
added 2021/09/10 1:34 p.m. · 40 views

CVE-2021-38354

The issue is a Reflected Cross-Site Scripting vulnerability in the WordPress plugin GNU-Mailman Integration (versions up to and including 1.0.6). The flaw is triggered via the gm_error parameter in the file path ~/includes/admin/mailing-lists-page.php, allowing an attacker to inject arbitrary we...

CVSS 6.1 · AI score 6 · EPSS 0.00866
Exploits: 1 · References: 2 · Affected Software: 1

CNNVD
added 2021/09/10 12:0 a.m. · 2 views

WordPress plugin cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

CVSS 6.1 · AI score 6.2 · EPSS 0.00866
Exploits: 1 · References: 4

Tenable Nessus
added 2021/09/10 12:0 a.m. · 27 views

Debian DSA-4970-1 : postorius - security update

The remote Debian 10 / 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-4970 advisory. Kevin Israel discovered that Postorius, the administrative web frontend for Mailman 3, didn't validate whether a logged-in user owns the email address when...

CVSS 5.5 · AI score 5.6 · EPSS 0.01093
Exploits: 1 · References: 6

WPVulnDB
added 2021/09/09 12:0 a.m. · 20 views

GNU-Mailman Integration <= 1.0.6 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the gmerror parameter found in the /includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts...

CVSS 6.1 · AI score 5.2 · EPSS 0.00866
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2021/09/09 12:0 a.m. · 20 views

GNU Mailman access control error vulnerability

GNU Mailman is a free suite of software from the GNU community for managing e-mail discussions and e-mail lists. The software integrates with web projects to make it easy for users to manage email subscription accounts and provides built-in archiving, automatic forwarding processing, content...

CVSS 5.5 · AI score 5.5 · EPSS 0.01093
Exploits: 1 · References: 10

Patchstack
added 2021/09/09 12:0 a.m. · 17 views

WordPress GNU-Mailman Integration plugin <= 1.0.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress GNU-Mailman Integration plugin versions <= 1.0.6. Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...

CVSS 6.1 · AI score 2.7 · EPSS 0.00866
Exploits: 1 · References: 3 · Affected Software: 1

Positive Technologies
added 2021/09/09 12:0 a.m. · 4 views

PT-2021-22867 · Gnu +2 · Gnu Mailman Postorius +2

Name of the Vulnerable Software and Affected Versions: GNU Mailman Postorius versions prior to 1.3.5. Description: An issue was discovered in views/list.py in GNU Mailman Postorius. An attacker, logged into any account, can send a crafted POST request to unsubscribe any user from a mailing list,...

CVSS 5.5 · AI score 5 · EPSS 0.01093
Exploits: 1 · References: 27

Ubuntu
added 2021/09/08 11:14 a.m. · 123 views

USN-5064-1: GNU cpio vulnerability

Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 7.8 · AI score 7 · EPSS 0.0415
Exploits: 1

Redos
added 2021/09/08 12:0 a.m. · 35 views

ROS-2-439

2.439 Vulnerability in GNU C Library glibc 2.32 CVE-2016-10228,CVE-2020-10029. 1. Vulnerability Description: CVE-2016-10228 Looping in iconv utility, manifested when run with "-c" option, in case of incorrect multibyte data processing. CVE-2020-10029 Stack corruption when trigonometric functions...

CVSS 6.1 · AI score 7.4 · EPSS 0.04006
Exploits: 1

Redos
added 2021/09/08 12:0 a.m. · 17 views

ROS-2-1267

2.1267 Memory Leak in GNU Tar CVE-2021-20193 1. Vulnerability description: The vulnerability allows a remote attacker to perform a DoS attack on a target system. The vulnerability exists due to a memory leak in the readheader function in list.c. A remote attacker could pass a specially crafted...

CVSS 6.7 · AI score 7 · EPSS 0.01092
Exploits: 0

Redos
added 2021/09/08 12:0 a.m. · 23 views

ROS-2-1189

2.1189 Memory Leak in GNU Tar CVE-2021-20193 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a DoS attack on a target system. The vulnerability exists due to a memory leak in the readheader function in list.c. A remote attacker could pass a specially crafted...

CVSS 7.5 · AI score 7 · EPSS 0.05107
Exploits: 0

Redos
added 2021/09/08 12:0 a.m. · 27 views

ROS-2-819

2.819 Memory Leak in GNU Tar CVE-2021-20193 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a DoS attack on a target system. The vulnerability exists due to a memory leak in the readheader function in list.c. A remote attacker could pass a specially crafted...

CVSS 6.1 · AI score 7 · EPSS 0.01905
Exploits: 0

Redos
added 2021/09/08 12:0 a.m. · 33 views

ROS-2-462

2.462 Memory Leak in GNU Tar CVE-2021-20193 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a DoS attack on a target system. The vulnerability exists due to a memory leak in the readheader function in list.c. A remote attacker could pass a specially crafted...

CVSS 6.1 · AI score 7 · EPSS 0.01905
Exploits: 0

Redos
added 2021/09/08 12:0 a.m. · 5 views

ROS-2-2188

2.2188 Memory Leak in GNU Tar CVE-2021-20193 1. Vulnerability Description: Vulnerability allows a remote attacker to perform a DoS attack on a target system. The vulnerability exists due to a memory leak in the readheader function in list.c. A remote attacker could pass a specially crafted archiv...

CVSS 9.8 · AI score 7.4 · EPSS 0.02377
Exploits: 0

Redos
added 2021/09/08 12:0 a.m. · 22 views

ROS-2-1166

2.1166 Vulnerability in GNU C Library glibc 2.32 CVE-2016-10228,CVE-2020-10029. 1. Vulnerability Description: CVE-2016-10228 Looping in iconv utility, manifested when run with "-c" option, in case of incorrect multibyte data processing. CVE-2020-10029 Stack corruption when trigonometric functions...

CVSS 9.8 · AI score 7.5 · EPSS 0.04006
Exploits: 1

Redos
added 2021/09/08 12:0 a.m. · 36 views

ROS-2-655

2.655 Memory Leak in GNU Tar CVE-2021-20193 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a DoS attack on a target system. The vulnerability exists due to a memory leak in the readheader function in list.c. A remote attacker could pass a specially crafted...

CVSS 5.9 · AI score 7 · EPSS 0.04006
Exploits: 1