255 matches found
Mailman < 2.1.36 Multiple Vulnerabilities
Mailman is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gnu:mailman"; ifdescription...
CVE-2021-43332
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...
CVE-2021-43331
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...
CVE-2021-43332
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...
CVE-2021-43331
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...
CVE-2021-43331
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...
CVE-2021-43332
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...
CVE-2021-43332
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...
Cross site scripting
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...
UBUNTU-CVE-2021-43331
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...
UBUNTU-CVE-2021-43332
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...
CVE-2021-43332
CVE-2021-43332 affects GNU Mailman before 2.1.36. The CSRF token on Cgi/admindb.py admindb page contains an encrypted version of the list admin password, which could potentially be cracked by a moderator via offline brute-force. Documents correlate this with other Mailman issues (e.g., CVE-2021-4...
CVE-2021-43331
GNU Mailman before 2.1.36 is affected. A crafted URL to the Cgi/options.py user options page can trigger cross-site scripting (XSS) by executing arbitrary JavaScript. Public sources confirm fixes in Mailman 2.1.36 and later; apply the upgrade to mitigate. The documentation also references related...
CVE-2021-43331
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...
CVE-2021-43331
Removed by vendor...
PT-2021-5364 · Unknown +4 · Gnu Mailman +4
Name of the Vulnerable Software and Affected Versions: GNU Mailman versions prior to 2.1.36 Description: The issue is related to a crafted URL to the "Cgi/options.py" user options page, which can execute arbitrary JavaScript for XSS. This is due to inadequate protection of the web page structure....
PT-2021-5365 · Unknown +4 · Gnu Mailman +4
Name of the Vulnerable Software and Affected Versions: GNU Mailman versions prior to 2.1.36 Description: The issue is related to insufficient restriction of authentication attempts in GNU Mailman, allowing a remote attacker to bypass authentication by guessing the administrator's password using a...
GNU Mailman 跨站脚本漏洞
GNU Mailman is a free suite of software from the GNU community for managing e-mail discussions and e-mail lists. The software can be integrated with Web projects to make it easy for users to manage email subscription accounts and provides built-in archiving, automatic forwarding processing, conte...
Cross-Site Scripting (XSS)
GNU Mailman is vulnerable to cross-site scripting. The vulnerability exists due to HTTP reply from an archive web server lacking a MIME type, and a web browser performing MIME sniffing may conclude that the MIME type should have been text/html, and execute JavaScript code...
Privilege Escalation
GNU Mailman allows remote Privilege Escalation. A csrftoken value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin e.g., for account takeover...