Description

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.

Remediation

References

CVE-2021-42096

Related Vulnerabilities

WordPress Plugin Error Log Viewer by BestWebSoft Cross-Site Scripting (1.0.5)

Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-29470)

WordPress Plugin Migration, Backup, Staging-WPvivid Directory Traversal (0.9.75)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20280)

WordPress Plugin Compact WP Audio Player Multiple Vulnerabilities (1.9.6)

Severity

Medium

Classification

CVE-2021-42096 CWE-307 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities