Lucene search

GoogleOSV:GHSA-82RM-28Q9-435P

HistoryApr 29, 2022 - 1:25 a.m.

Mailman Cross-site scripting (XSS) vulnerability

2022-04-2901:25:43

Google

osv.dev

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.1%

JSON

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.

CPENameOperatorVersion
mailmaneq3.0.0b3-

CPE	Name	Operator	Version
	mailman	eq	3.0.0b3-

References

marc.info/?l=bugtraq&m=104342745916111

telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt

www.debian.org/security/2004/dsa-436

www.osvdb.org/9205

www.securityfocus.com/bid/6677

www.securitytracker.com/id?1005987

exchange.xforce.ibmcloud.com/vulnerabilities/11152

nvd.nist.gov/vuln/detail/CVE-2003-0038

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.1%

JSON

Related for OSV:GHSA-82RM-28Q9-435P