CVE-2003-0038

Published: 07/02/2003 Updated: 11/07/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 440
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote malicious users to inject script or HTML into web pages via the (1) email or (2) language parameters.

Vulnerable Product

gnu mailman 2.1

Vendor Advisories

Several vulnerabilities have been fixed in the mailman package:
CAN-2003-0038 - potential cross-site scripting via certain CGI parameters (not known to be exploitable in this version)
CAN-2003-0965 - cross-site scripting in the administrative interface
CAN-2003-0991 - certain malformed email commands could cause the mailman process to crash ...

Exploits

source: www.securityfocus.com/bid/6678/info. A vulnerability has been discovered in GNU Mailman. The issue occurs due to insufficient sanitization of user-supplied data which is output when generating error pages. As a result, attackers may embed malicious script code or HTML into a link to a site running the vulnerable software. If such a link ...
source: www.securityfocus.com/bid/6677/info. A vulnerability has been discovered in GNU Mailman. It has been reported that Mailman is prone to cross-site scripting attacks. This is due to insufficient sanitization of URI parameters. As a result, attackers may embed malicious script code or HTML into a link to a site running the vulnerable s ...