Lucene search

[email protected]CVE-2001-0884

HistoryDec 21, 2001 - 5:00 a.m.

CVE-2001-0884

2001-12-2105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cross-site scripting

mailman

sensitive information

authentication credentials

6.5 Medium

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.9%

JSON

Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.

CPENameOperatorVersion
gnu:mailmangnu mailmaneq5.0
gnu:mailmangnu mailmaneq*
gnu:mailmangnu mailmaneq7.0
gnu:mailmangnu mailmaneq5.1
gnu:mailmangnu mailmaneq6.0

CPE	Name	Operator	Version
gnu:mailman	gnu mailman	eq	5.0
gnu:mailman	gnu mailman	eq	*
gnu:mailman	gnu mailman	eq	7.0
gnu:mailman	gnu mailman	eq	5.1
gnu:mailman	gnu mailman	eq	6.0

References

www.redhat.com/support/errata/RHSA-2001-168.html

www.redhat.com/support/errata/RHSA-2001-169.html

www.redhat.com/support/errata/RHSA-2001-170.html

www.securityfocus.com/advisories/3721

www.securityfocus.com/archive/1/242839

www.securityfocus.com/bid/3602

exchange.xforce.ibmcloud.com/vulnerabilities/7617

6.5 Medium

AI Score

Confidence

High

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.9%

JSON