Description GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. Remediation References CVE-2020-15011 Related Vulnerabilities WordPress Plugin WP Sitemap Page Cross-Site Scripting (1.6.6) WordPress Plugin File Manager Unspecified Vulnerability (5.1.5) WordPress Plugin Image Optimizer by 10web-Image Optimizer and Compression Multiple Vulnerabilities (1.0.26) Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2009-0023) PostgreSQL Other Vulnerability (CVE-2012-1618) Severity Medium Classification CVE-2020-15011 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities