CVE-2010-3089

Published: 15/09/2010 Updated: 13/02/2023
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman prior to 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.

Vulnerable Products

gnu mailman
gnu mailman 2.1
gnu mailman 2.1.1
gnu mailman 2.1.2
gnu mailman 2.1.3
gnu mailman 2.1.4
gnu mailman 2.1.5
gnu mailman 2.1.6
gnu mailman 2.1.7
gnu mailman 2.1.8
gnu mailman 2.1.9
gnu mailman 2.1.10
gnu mailman 2.1.11
gnu mailman 2.1.12
gnu mailman 2.1.13

Vendor Advisories

Debian Bug report logs - #599833 CVE-2010-3089 Package: mailman; Maintainer for mailman is Mailman for Debian <pkg-mailman-hackers@lists.alioth.debian.org>; Source for mailman is src:mailman (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Mon, 11 Oct 2010 17:54:12 UTC Severity: grave Tag ...
It was discovered that Mailman did not properly sanitize certain fields, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, withi ...
Two cross-site scripting vulnerabilities were discovered in Mailman, a web-based mailing list manager. These allowed an attacker to retrieve session cookies by inserting crafted JavaScript into confirmation messages (CVE-2011-0707) and in the list admin interface (CVE-2010-3089; oldstable only). For the oldstable distribution (lenny), these p ...

References

CWE-79
http://marc.info/?l=oss-security&m=128440851513718&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=631859
http://marc.info/?l=oss-security&m=128441369020123&w=2
http://marc.info/?l=oss-security&m=128438736513097&w=2
http://marc.info/?l=oss-security&m=128441135117819&w=2
http://secunia.com/advisories/41265
http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html
https://launchpad.net/mailman/+milestone/2.1.14rc1
http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html
https://bugzilla.redhat.com/show_bug.cgi?id=631881
http://marc.info/?l=oss-security&m=128441237618793&w=2
http://www.vupen.com/english/advisories/2010/3271
http://secunia.com/advisories/42502
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html
http://www.vupen.com/english/advisories/2011/0436
http://secunia.com/advisories/43294
http://www.debian.org/security/2011/dsa-2170
http://www.ubuntu.com/usn/USN-1069-1
http://www.vupen.com/english/advisories/2011/0460
http://secunia.com/advisories/43425
http://secunia.com/advisories/43580
http://www.vupen.com/english/advisories/2011/0542
http://secunia.com/advisories/43549
http://www.redhat.com/support/errata/RHSA-2011-0308.html
http://www.redhat.com/support/errata/RHSA-2011-0307.html
http://support.apple.com/kb/HT4581
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599833
https://usn.ubuntu.com/1069-1/
https://nvd.nist.gov