Skip to main content

Postorius

2 CVEs product

Monthly

CVE-2026-44742 PyPI HIGH GHSA This Week

Cross-site scripting (XSS) in Postorius mail list management interface allows unauthenticated remote attackers to inject malicious scripts via crafted email subjects in held messages. Active exploitation confirmed in May 2026 per vendor disclosure. Affects all versions through 1.3.13. Public exploit code available via GitLab merge request #972. EPSS data not yet available for this recent CVE, but confirmed in-the-wild activity elevates priority significantly despite moderate CVSS 7.2 score.

XSS Postorius
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2021-40347 PyPI MEDIUM POC PATCH This Month

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Postorius
NVD
CVSS 3.1
5.4
EPSS
1.2%
EPSS 0% CVSS 7.2
HIGH This Week

Cross-site scripting (XSS) in Postorius mail list management interface allows unauthenticated remote attackers to inject malicious scripts via crafted email subjects in held messages. Active exploitation confirmed in May 2026 per vendor disclosure. Affects all versions through 1.3.13. Public exploit code available via GitLab merge request #972. EPSS data not yet available for this recent CVE, but confirmed in-the-wild activity elevates priority significantly despite moderate CVSS 7.2 score.

XSS Postorius
NVD VulDB
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Postorius
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy