Published: 17/02/2004 Updated: 11/10/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman prior to 2.1.4 allows remote malicious users to steal session cookies and conduct unauthorized activities.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu mailman

Several vulnerabilities have been fixed in the mailman package: CAN-2003-0038 - potential cross-site scripting via certain CGI parameters (not known to be exploitable in this version) CAN-2003-0965 - cross-site scripting in the administrative interface CAN-2003-0991 - certain malformed email commands could cause the mailman process to crash ...

NVD-CWE-Other http://mail.python.org/pipermail/mailman-announce/2003-December/000066.html http://www.securityfocus.com/bid/9336 http://www.redhat.com/support/errata/RHSA-2004-020.html http://www.debian.org/security/2004/dsa-436 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842 http://www.mandriva.com/security/advisories?name=MDKSA-2004:013 http://www.osvdb.org/3305 http://secunia.com/advisories/10519 https://exchange.xforce.ibmcloud.com/vulnerabilities/14121 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A813 https://nvd.nist.gov https://www.debian.org/security/./dsa-436

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2003-0965

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect