Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-6qgd-vwez-mfcc
Summary listmonk is a standalone, self-hosted newsletter and mailing list manager. Prior to version 6.0.0, a lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a higher-privileged user (Super Admin) views or previews this content, the XSS executes in their browser context, allowing the attacker to perform privileged actions such as creating backdoor admin accounts. The attack can be weaponized via the public archive feature, where victims simply need to visit a link - no preview click required. Version 6.0.0 fixes the issue.
Aliases
0
alias CVE-2026-21483
1
alias GHSA-jmr4-p576-v565
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-21483
reference_id
reference_type
scores
0
value 7e-05
scoring_system epss
scoring_elements 0.00518
published_at 2026-06-11T12:55:00Z
1
value 8e-05
scoring_system epss
scoring_elements 0.00766
published_at 2026-06-14T12:55:00Z
2
value 8e-05
scoring_system epss
scoring_elements 0.00763
published_at 2026-06-13T12:55:00Z
3
value 8e-05
scoring_system epss
scoring_elements 0.00761
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-21483
1
reference_url https://github.com/knadh/listmonk
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/knadh/listmonk
2
reference_url https://github.com/knadh/listmonk/commit/74dc5a01cfbb12cf218cb33ddad8410c53e2e915
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/knadh/listmonk/commit/74dc5a01cfbb12cf218cb33ddad8410c53e2e915
3
reference_url https://github.com/knadh/listmonk/releases/tag/v6.0.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/knadh/listmonk/releases/tag/v6.0.0
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-21483
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-21483
5
reference_url https://github.com/knadh/listmonk/security/advisories/GHSA-jmr4-p576-v565
reference_id GHSA-jmr4-p576-v565
reference_type
scores
0
value 5.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-02T21:18:17Z/
url https://github.com/knadh/listmonk/security/advisories/GHSA-jmr4-p576-v565
Weaknesses
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6qgd-vwez-mfcc