Vulnerability Details: CVE-2010-3089
Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2010-3089
Probability of exploitation activity in the next 30 days: 0.16%
Percentile (the proportion of vulnerabilities scored at or below this score): ~52%
CVSS scores for CVE-2010-3089
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N | 6.8 | 2.9 | NIST
CWE ids for CVE-2010-3089
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2010-3089
- http://marc.info/?l=oss-security&m=128441369020123&w=2 ('Re: [oss-security] CVE Request: mailman', MARC)
- http://marc.info/?l=oss-security&m=128440851513718&w=2 ('Re: [oss-security] CVE Request: mailman', MARC)
- http://support.apple.com/kb/HT4581 (About the security content of Mac OS X v10.6.7 and Security Update 2011-001, Apple Support)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html ([SECURITY] Fedora 13 Update: mailman-2.1.12-16.fc13)
- http://www.redhat.com/support/errata/RHSA-2011-0307.html (Red Hat errata RHSA-2011-0307)
- http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html ([Mailman-Announce] Mailman security patch)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html ([SECURITY] Fedora 14 Update: mailman-2.1.13-6.fc14.1)
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html ([security-announce] SUSE Security Summary Report: SUSE-SR:2011:009)
- http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html ([Mailman-Announce] Mailman security patch)
- http://marc.info/?l=oss-security&m=128441237618793&w=2 ('Re: [oss-security] CVE Request: mailman', MARC)
- http://www.vupen.com/english/advisories/2011/0542 (VUPEN advisory 2011/0542)
- http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html (openSUSE-SU-2011:0424-1 (low): mailman security update to fix XSS vulnerability)
- http://www.ubuntu.com/usn/USN-1069-1 (USN-1069-1: Mailman vulnerabilities, Ubuntu security notices)
- http://www.vupen.com/english/advisories/2011/0436 (VUPEN advisory 2011/0436)
- https://bugzilla.redhat.com/show_bug.cgi?id=631859 (Bug 631859: Mailman: Cross-site scripting (XSS) in list information overview)
- http://www.vupen.com/english/advisories/2011/0460 (VUPEN advisory 2011/0460)
- http://www.redhat.com/support/errata/RHSA-2011-0308.html (Red Hat errata RHSA-2011-0308)
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html (Apple security-announce, March 2011)
- http://marc.info/?l=oss-security&m=128438736513097&w=2 ('[oss-security] CVE Request: mailman', MARC)
- https://bugzilla.redhat.com/show_bug.cgi?id=631881 (Bug 631881: (CVE-2010-3089) mailman: Multiple security flaws leading to cross-site scripting (XSS) attacks)
- http://www.vupen.com/english/advisories/2010/3271 (VUPEN advisory 2010/3271)
- http://marc.info/?l=oss-security&m=128441135117819&w=2 ('Re: [oss-security] CVE Request: mailman', MARC)
- https://launchpad.net/mailman/+milestone/2.1.14rc1 (2.1.14rc1: GNU Mailman)
- http://www.debian.org/security/2011/dsa-2170 (Debian Security Information: DSA-2170-1 mailman)
Products affected by CVE-2010-3089
- cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:mailman:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:mailman:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:mailman:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:mailman:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:mailman:2.1.13:rc1:*:*:*:*:*:*
- cpe:2.3:a:gnu:mailman:2.1:stable:*:*:*:*:*:*
- cpe:2.3:a:gnu:mailman:2.1:beta:*:*:*:*:*:*
- cpe:2.3:a:gnu:mailman:2.1.11:rc1:*:*:*:*:*:*
- cpe:2.3:a:gnu:mailman:2.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:mailman:2.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:mailman:2.1.11:rc2:*:*:*:*:*:*
- cpe:2.3:a:gnu:mailman:2.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:gnu:mailman:2.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:mailman:2.1.9:*:*:*:*:*:*:*