
CVE-2002-0855

Published: 05/09/2002 Updated: 05/09/2008
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Cross-site scripting vulnerability in Mailman prior to 2.0.12 allows remote malicious users to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.

Vulnerable Product

gnu mailman 2.0.12

Vendor Advisories

A cross-site scripting vulnerability was discovered in mailman, a software to manage electronic mailing lists. When a properly crafted URL is accessed with Internet Explorer (other browsers don't seem to be affected), the resulting webpage is rendered similar to the real one, but the JavaScript component is executed as well, which could be used by ...

Exploits

source: www.securityfocus.com/bid/5298/info
GNU Mailman is prone to a cross-site scripting vulnerability. Arbitrary HTML and script code are not sanitized from the URI parameters of mailing list subscribe scripts. An attacker may exploit this issue by creating a malicious link containing arbitrary script code and enticing a web user to vis ...

source: www.securityfocus.com/bid/5299/info
GNU Mailman is prone to a cross-site scripting vulnerability. An attacker may construct a malicious link to the administrative login page, which contains arbitrary HTML and script code. A user visiting the link will have the attacker's script code executed in their web browser in the context of ...