CVE-2018-1000671

MEDIUM NUCLEI

sympa >=6.2.16 - Open Redirect

Title source: llm

Description

sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available.

Nuclei Templates (1)

Sympa version =>6.2.16 - Cross-Site Scripting

MEDIUMVERIFIEDby 0x_Akoko

Shodan: http.html:"sympa"

FOFA: body="sympa"

References (4)

[Issue Tracking, Third Party Advisory] https://github.com/sympa-community/sympa/issues/268

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html

[Mailing List] https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html

[Vendor Advisory] https://usn.ubuntu.com/4442-1/

Scores

CVSS v3 6.1

EPSS 0.0062

EPSS Percentile 70.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-601

Status published

Products (2)

debian/debian_linux 8.0

sympa/sympa 6.2.16

Published Sep 06, 2018

Tracked Since Feb 18, 2026