1490 matches found
PYSEC-2026-657 Mailman Cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the 1 email or 2 language parameters...
PYSEC-2026-658 Mailman Sensitive Information Disclosure
Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server...
PYSEC-2026-659 mailman Cross-site scripting (XSS) vulnerability
Cross-site scripting XSS vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page...
PYSEC-2026-660 Cross Site Request Forgery in mailman
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request using that token to set a new admin password or make other changes...
PYSEC-2026-661 Moderate severity vulnerability that affects mailman
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site...
[SECURITY] Fedora 44 Update: python-postorius-1.3.13-1.fc44
The Postorius Django app provides a web user interface to access GNU Mailman...
[SECURITY] Fedora 43 Update: python-postorius-1.3.13-1.fc43
The Postorius Django app provides a web user interface to access GNU Mailman...
[SECURITY] [DSA 6257-1] postorius security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6257-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2026 https://www.debian.org/security/faq -...
Debian dsa-6257 : python3-django-postorius - security update
The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6257 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6257-1 [email protected] https://www.debian.org/security/...
mailman-web (>=0.0.5 <=0.0.9) potentially affected by CVE-2026-44742 via postorius (>=1.3.10 <=1.3.13)
postorius PYPI version =1.3.10, =0.0.5, =0.0.9 Source cves: CVE-2026-44742 Source advisory: OSV:GHSA-R7C9-7PJQ-HMM8...
mailman-web (>=0.0.5 <=0.0.9) potentially affected by CVE-2026-44742 via postorius (>=1.3.10 <=1.3.13)
postorius PYPI version =1.3.10, =0.0.5, =0.0.9 Source cves: CVE-2026-44742 Source advisory: SNYK:PYTHON-POSTORIUS-16635974...
Postorius 跨站脚本漏洞
Postorius is an open-source web application developed by GNU Mailman for managing email lists. Versions of Postorius 1.3.13 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of escaping of HTML in the message titles when these titles were rendere...
Ubuntu 16.04 LTS / 20.04 LTS : Mailman vulnerability (USN-8067-1)
The remote Ubuntu 16.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8067-1 advisory. It was discovered that Mailman incorrectly handled CSRF tokens. A remote list member or moderator could possibly use their own token to craft an admin...
Ubuntu: Security Advisory (USN-8067-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-8067-1 mailman vulnerability
It was discovered that Mailman incorrectly handled CSRF tokens. A remote list member or moderator could possibly use their own token to craft an admin request CSRF attack and set a new admin password or make other changes...
USN-8067-1: Mailman vulnerability
It was discovered that Mailman incorrectly handled CSRF tokens. A remote list member or moderator could possibly use their own token to craft an admin request CSRF attack and set a new admin password or make other changes...
MiracleLinux 8 : mailman:2.1 (AXSA:2022-2976:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2976:01 advisory. mailman: CSRF token bypass allows to perform CSRF attacks and account takeover CVE-2021-42097 mailman: CSRF token derived from admin password allows...
MiracleLinux 7 : mailman-2.1.15-30.el7 (AXSA:2020-4558:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-4558:01 advisory. mailman: Cross-site scripting vulnerability allows malicious listowners to inject scripts into listinfo pages CVE-2018-0618 mailman: Mishandled URLs...
MiracleLinux 8 : mailman:2.1 (AXSA:2022-2979:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-2979:01 advisory. mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover CVE-2021-44227 Tenable has extracted the preceding description block directly fr...
MiracleLinux 8 : mailman:2.1 mailman (AXSA:2021-1560:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1560:01 advisory. mailman: XSS via file attachments in list archives CVE-2020-12137 Tenable has extracted the preceding description block directly from the MiracleLinux securi...