6.5 Medium
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.083 Low
EPSS
Percentile
94.3%
Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber’s list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.
CPE | Name | Operator | Version |
---|---|---|---|
gnu:mailman | gnu mailman | eq | 2.0.12 |
archives.neohapsis.com/archives/bugtraq/2002-07/0268.html
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000522
mail.python.org/pipermail/mailman-announce/2002-July/000043.html
www.debian.org/security/2002/dsa-147
www.iss.net/security_center/static/9985.php
www.redhat.com/support/errata/RHSA-2002-176.html
www.redhat.com/support/errata/RHSA-2002-177.html
www.redhat.com/support/errata/RHSA-2002-178.html
www.redhat.com/support/errata/RHSA-2002-181.html
www.securityfocus.com/bid/5298