CVE-2004-1735

NameCVE-2004-1735
DescriptionCross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs298105

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sympa (PTS)stretch6.2.16~dfsg-3+deb9u2fixed
stretch (security)6.2.16~dfsg-3+deb9u3fixed
buster6.2.40~dfsg-1fixed
bullseye6.2.40~dfsg-7fixed
sid6.2.58~dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sympasource(unstable)4.1.5-4unimportant298105

Notes

A user with the privilege to create new mailing lists needs to be trustworthy

Search for package or bug name: Reporting problems