CVE-2004-1177

Published: 10/01/2005 Updated: 11/10/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the driver script in mailman prior to 2.1.5 allows remote malicious users to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.

Vulnerable Product

gnu mailman 2.0.12

gnu mailman 2.0.13

gnu mailman 2.0.8

gnu mailman 2.0.9

gnu mailman 2.1.4

gnu mailman 2.1b1

gnu mailman 2.0

gnu mailman 2.0.1

gnu mailman 2.0.4

gnu mailman 2.0.5

gnu mailman 2.1

gnu mailman 2.1.1

gnu mailman 2.0.10

gnu mailman 2.0.11

gnu mailman 2.0.6

gnu mailman 2.0.7

gnu mailman 2.1.2

gnu mailman 2.1.3

gnu mailman 1.0

gnu mailman 1.1

gnu mailman 2.0.2

gnu mailman 2.0.3

Vendor Advisories

Synopsis: mailman security update. Type/Severity: Security Advisory: Important. Topic: An updated mailman package that corrects a cross-site scripting flaw is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Description: Mailman man ...
Florian Weimer discovered a cross-site scripting vulnerability in mailman’s automatically generated error messages. An attacker could craft a URL containing JavaScript (or other content embedded into HTML) which triggered a mailman error page. When an unsuspecting user followed this URL, the malicious content was copied unmodified to the error p ...
Due to an incompatibility between Python 1.5 and 2.1, the last mailman update did not run with Python 1.5 anymore. This problem is corrected with this update. This advisory only updates the packages updated with DSA 674-2. The version in unstable is not affected since it is not supposed to work with Python 1.5 anymore. For completeness below is the ...