CVE-2004-1735

NameCVE-2004-1735
DescriptionCross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs298105

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sympa (PTS)bullseye6.2.60~dfsg-4fixed
bookworm6.2.70~dfsg-2fixed
sid, trixie6.2.72~dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sympasource(unstable)4.1.5-4unimportant298105

Notes

A user with the privilege to create new mailing lists needs to be trustworthy

Search for package or bug name: Reporting problems