CVE-2006-3636

Published: 06/09/2006 Updated: 18/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Mailman prior to 2.1.9rc1 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Product

gnu mailman 2.1.1

gnu mailman 2.1.7

gnu mailman 2.1.8

gnu mailman 2.1.2

gnu mailman 2.1.3

gnu mailman 2.1b1

gnu mailman 2.1

gnu mailman 2.1.5.8

gnu mailman 2.1.6

gnu mailman 2.1.4

gnu mailman 2.1.5

Vendor Advisories

Debian Bug report logs - #599833 CVE-2010-3089 Package: mailman; Maintainer for mailman is Mailman for Debian <pkg-mailman-hackers@lists.alioth.debian.org>; Source for mailman is src:mailman (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Mon, 11 Oct 2010 17:54:12 UTC Severity: grave Tag ...
Steve Alexander discovered that mailman did not properly handle attachments with special filenames. A remote user could exploit that to stop mail delivery until the server administrator manually cleaned these posts (CVE-2006-2941) ...
Several security related problems have been discovered in mailman, the web-based GNU mailing list manager. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-3636 Moritz Naumann discovered several cross-site scripting problems that could allow remote attackers to inject arbitrary web script code ...

Exploits

source: www.securityfocus.com/bid/20021/info Mailman is prone to multiple input-validation vulnerabilities because the application fails to sanitize user input. These issues include multiple cross-site scripting vulnerabilities and a CRLF-injection vulnerability. A successful exploit of these issues could allow an attacker to steal cookie ...
Mailman version 2.1.8 suffers from cross site scripting and log file injection vulnerabilities ...