FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
88760f4d-8ef7-11ea-a66d-4b2ef158be83mailman -- arbitrary content injection vulnerability via options or private archive login pages

Mark Sapiro reports:

A content injection vulnerability via the options login page has been discovered and reported by Vishal Singh.

An issue similar to CVE-2018-13796 exists at different endpoint & param. It can lead to a phishing attack.

(added 2020-05-07) This is essentially the same as except the vector is the private archive login page and the attack only succeeds if the list's roster visibility (private_roster) setting is 'Anyone'.

Discovery 2020-04-20
Entry 2020-05-07
lt 2.1.30_4

ge 2.1.31 lt 2.1.33

lt 2.1.30_4

ge 2.1.31 lt 2.1.33