6 matches found
EulerOS 2.0 SP5 : mailman (EulerOS-SA-2022-1277)
According to the versions of the mailman package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the...
EulerOS 2.0 SP3 : mailman (EulerOS-SA-2022-1177)
According to the versions of the mailman package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the...
Amazon Linux AMI : mailman (ALAS-2018-985)
Cross-site scripting (XSS) vulnerability in web UI: A cross-site scripting (XSS) flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions. CVE-2018-5950 CSRF...
CVE-2016-6893
GNU Mailman 2.1.x contains a CSRF vulnerability (CVE-2016-6893) in the user options page that allows remote attackers to hijack a user’s session and perform option-modifying requests, potentially accessing victim credentials. The root cause is CSRF token protection not being correctly tied to the...
CVE-2016-6893
Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account...
GNU Mailman 2.1 'email' Cross Site Scripting Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/6677/info A vulnerability has been discovered in GNU Mailman. It has been reported that Mailman is prone to cross-site scripting attacks. This is due to insufficient sanitization of URI parameters. As a result, attackers m...