Lucene search
K

16 matches found

Tenable Nessus
Tenable Nessus
added 2021/12/03 12:0 a.m.37 views

RHEL 7 : mailman (RHSA-2021:4913)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4913 advisory. Mailman is a program used to help manage e-mail discussion lists. Security Fixes: mailman: CSRF token bypass allows to perform CSRF attacks...

8.8CVSS7.4AI score0.01613EPSS
Exploits0References8
Cent OS
Cent OS
added 2021/12/02 11:53 p.m.1029 views

mailman security update

CentOS Errata and Security Advisory CESA-2021:4913 An update for mailman is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.8CVSS6.9AI score0.01613EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2021/12/02 4:31 p.m.3 views

mailman: CSRF protection missing in the user options page

Cross-site request forgery CSRF vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account...

8.8CVSS7.5AI score0.01613EPSS
Exploits0References4
Veracode
Veracode
added 2021/11/23 2:50 a.m.26 views

Cross-site Scripting (XSS)

mailman:bionic is vulnerable to cross-site scripting XSS attacks. A crafted URL to the user options page in Cgi/options.py results in arbitrary JavaScript executions...

6.1CVSS2.7AI score0.01284EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2021/11/12 9:15 p.m.31 views

Cross site scripting

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...

4.3CVSS6.5AI score0.01284EPSS
Exploits0References3Affected Software2
ATTACKERKB
ATTACKERKB
added 2021/11/12 9:15 p.m.2 views

CVE-2021-43331

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...

6.1CVSS6.9AI score0.01284EPSS
Exploits0References5
OPENSUSE Linux
OPENSUSE Linux
added 2020/10/27 12:0 a.m.42 views

Recommended update for mailman (moderate)

openSUSE Security Update: Recommended update for mailman Announcement ID: openSUSE-SU-2020:1752-1 Rating: moderate References: 1171363 1173369 Cross-References: CVE-2020-12108 CVE-2020-12137 CVE-2020-15011 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes three vulnerabilities...

6.5CVSS6.7AI score0.02698EPSS
Exploits1References2
Mageia
Mageia
added 2018/03/29 9:0 p.m.47 views

Updated mailman packages fix a security vulnerability

Updated mailman package fixes security vulnerability: Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed ...

6.1CVSS0.8AI score0.04569EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2018/02/12 12:0 a.m.28 views

Debian DSA-4108-1 : mailman - security update

Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed to a list with a private roster. C Tenable Network...

6.1CVSS6.6AI score0.04569EPSS
Exploits3References6
OpenVAS
OpenVAS
added 2018/02/08 12:0 a.m.42 views

Debian: Security Advisory (DSA-4108-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.7AI score0.04569EPSS
Exploits3References4
OSV
OSV
added 2018/01/23 4:29 p.m.3 views

CVE-2018-5950

Cross-site scripting XSS vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL...

6.1CVSS5.9AI score0.04569EPSS
Exploits3References9
ALT Linux
ALT Linux
added 2016/09/24 12:0 a.m.36 views

Security fix for the ALT Linux 9 package mailman version 5:2.1.23-alt0.1.20160915

Sept. 24, 2016 Konstantin Lepikhov 5:2.1.23-alt0.1.20160915 - LP shapshot 20160916. - Security fixes: + CVE-2016-6893: Extend CSRF protection to user options page...

6.8CVSS8.8AI score0.01613EPSS
Exploits0
NVD
NVD
added 2016/09/02 2:59 p.m.14 views

CVE-2016-6893

Cross-site request forgery CSRF vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account...

8.8CVSS7.6AI score0.01613EPSS
Exploits0References4
OSV
OSV
added 2016/09/02 12:0 a.m.2 views

UBUNTU-CVE-2016-6893

Cross-site request forgery CSRF vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account...

8.8CVSS7.4AI score0.01613EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2016/08/25 12:18 p.m.29 views

CVE-2016-6893

Cross-site request forgery CSRF vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account...

8.8CVSS6.5AI score0.01613EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2003/02/08 12:0 a.m.30 views

mailman XSS in user options page

From the 2.1.1 release notes: Closed a cross-site scripting vulnerability in the user options page...

4.3CVSS5.9AI score0.04721EPSS
Exploits0References1
Rows per page
Query Builder