CVE-2021-46900

Published
View on NVD ↗
CVSS v3
7.5
HIGH
CVSS v2
N/A
Affected
2
PROJECTS

Description

Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.

sympa-community/sympa
sympa-community/sympa
Sympa, Mailing List Management Software
GitHubGitHub
299
sympa-community/sympa-community.github.io
sympa-community/sympa-community.github.io
Incubating the new Sympa documentation site
GitHubGitHub
16