2 matches found
Advisory ROSA-SA-2021-1913
Software: mailman 2.1.15 OS: Cobalt 7.9 CVE-ID: CVE-2016-6893 CVE-Crit: HIGH CVE-DESC: A cross-site request forgery CSRF vulnerability in the user parameter page in GNU Mailman 2.1.x through 2.1.23 allows remote attackers to intercept arbitrary user authentication for requests that modify a...
CVE-2020-12137
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...