vulnerability

FreeBSD: VID-739948e3-78bf-11e8-b23c-080027ac955c (CVE-2018-0618): mailman -- hardening against malicious listowners injecting evil HTML scripts

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:N/AC:M/Au:S/C:N/I:P/A:N)	Jun 25, 2018	Jun 26, 2018	Dec 10, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Published

Jun 25, 2018

Added

Jun 26, 2018

Modified

Dec 10, 2025

Description

Mark Sapiro reports: Existing protections against malicious listowners injecting evil scripts into listinfo pages have had a few more checks added. A few more error messages have had their values HTML escaped. The hash generated when SUBSCRIBE_FORM_SECRET is set could have been the same as one generated at the same time for a different list and IP address.

Solutions

freebsd-upgrade-package-mailmanfreebsd-upgrade-package-mailman-with-htdigfreebsd-upgrade-package-ja-mailman

References

CVE-2018-0618
https://attackerkb.com/topics/CVE-2018-0618
CWE-79

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today