In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
Max CVSS
6.1
EPSS Score
0.20%
Published
2021-11-12
Updated
2022-12-09
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.
Max CVSS
6.1
EPSS Score
1.45%
Published
2020-04-24
Updated
2022-11-16
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
Max CVSS
6.1
EPSS Score
0.35%
Published
2018-01-23
Updated
2020-11-10
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
5.4
EPSS Score
0.11%
Published
2018-07-26
Updated
2020-05-06
Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter.
Max CVSS
4.3
EPSS Score
0.09%
Published
2011-12-29
Updated
2013-01-03
Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.
Max CVSS
4.3
EPSS Score
0.33%
Published
2011-02-22
Updated
2023-02-13
Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.
Max CVSS
3.5
EPSS Score
0.16%
Published
2010-09-15
Updated
2023-02-13
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
6.8
EPSS Score
2.05%
Published
2006-09-06
Updated
2018-10-18
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.
Max CVSS
2.6
EPSS Score
0.31%
Published
2006-04-11
Updated
2011-03-08
Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.
Max CVSS
4.3
EPSS Score
0.39%
Published
2005-01-10
Updated
2017-10-11
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.
Max CVSS
4.3
EPSS Score
0.37%
Published
2004-02-17
Updated
2017-10-11
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
Max CVSS
6.8
EPSS Score
2.03%
Published
2004-02-17
Updated
2017-10-11
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.
Max CVSS
4.3
EPSS Score
0.39%
Published
2003-02-07
Updated
2017-07-11
Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.
Max CVSS
7.5
EPSS Score
8.27%
Published
2002-09-05
Updated
2008-09-05
Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries.
Max CVSS
7.5
EPSS Score
1.48%
Published
2002-06-18
Updated
2009-07-21
Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.
Max CVSS
5.1
EPSS Score
0.42%
Published
2001-12-21
Updated
2017-10-10
16 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!