Lucene search
K

1490 matches found

OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-657 Mailman Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the 1 email or 2 language parameters...

4.3CVSS6AI score0.04721EPSS
Exploits0References10
OSV
OSV
added 2026/07/02 2:13 p.m.5 views

PYSEC-2026-658 Mailman Sensitive Information Disclosure

Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server...

5CVSS6AI score0.02984EPSS
Exploits0References13
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-659 mailman Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page...

4.3CVSS6.1AI score0.01782EPSS
Exploits0References13
OSV
OSV
added 2026/07/02 2:13 p.m.6 views

PYSEC-2026-660 Cross Site Request Forgery in mailman

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request using that token to set a new admin password or make other changes...

8.8CVSS6.9AI score0.0073EPSS
Exploits0References6
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-661 Moderate severity vulnerability that affects mailman

An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site...

6.5CVSS6.1AI score0.02541EPSS
Exploits0References8
Fedora
Fedora
added 2026/06/27 1:12 a.m.6 views

[SECURITY] Fedora 44 Update: python-postorius-1.3.13-1.fc44

The Postorius Django app provides a web user interface to access GNU Mailman...

7.2CVSS5.8AI score0.00237EPSS
Exploits0
Fedora
Fedora
added 2026/06/27 12:56 a.m.7 views

[SECURITY] Fedora 43 Update: python-postorius-1.3.13-1.fc43

The Postorius Django app provides a web user interface to access GNU Mailman...

7.2CVSS5.8AI score0.00237EPSS
Exploits0
Debian
Debian
added 2026/05/08 6:54 p.m.11 views

[SECURITY] [DSA 6257-1] postorius security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6257-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2026 https://www.debian.org/security/faq -...

7.2CVSS5.6AI score0.00237EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.10 views

Debian dsa-6257 : python3-django-postorius - security update

The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6257 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6257-1 [email protected] https://www.debian.org/security/...

7.2CVSS5.6AI score0.00237EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/05/07 9:30 p.m.9 views

mailman-web (>=0.0.5 <=0.0.9) potentially affected by CVE-2026-44742 via postorius (>=1.3.10 <=1.3.13)

postorius PYPI version =1.3.10, =0.0.5, =0.0.9 Source cves: CVE-2026-44742 Source advisory: OSV:GHSA-R7C9-7PJQ-HMM8...

7.2CVSS5.8AI score0.00237EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/07 8:24 p.m.8 views

mailman-web (>=0.0.5 <=0.0.9) potentially affected by CVE-2026-44742 via postorius (>=1.3.10 <=1.3.13)

postorius PYPI version =1.3.10, =0.0.5, =0.0.9 Source cves: CVE-2026-44742 Source advisory: SNYK:PYTHON-POSTORIUS-16635974...

7.2CVSS5.8AI score0.00237EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

Postorius 跨站脚本漏洞

Postorius is an open-source web application developed by GNU Mailman for managing email lists. Versions of Postorius 1.3.13 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of escaping of HTML in the message titles when these titles were rendere...

7.2CVSS5.7AI score0.00237EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/03 12:0 a.m.6 views

Ubuntu 16.04 LTS / 20.04 LTS : Mailman vulnerability (USN-8067-1)

The remote Ubuntu 16.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8067-1 advisory. It was discovered that Mailman incorrectly handled CSRF tokens. A remote list member or moderator could possibly use their own token to craft an admin...

8.8CVSS6AI score0.0073EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2026/03/03 12:0 a.m.4 views

Ubuntu: Security Advisory (USN-8067-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6AI score0.0073EPSS
Exploits0References2
OSV
OSV
added 2026/03/02 5:29 p.m.3 views

USN-8067-1 mailman vulnerability

It was discovered that Mailman incorrectly handled CSRF tokens. A remote list member or moderator could possibly use their own token to craft an admin request CSRF attack and set a new admin password or make other changes...

8.8CVSS7.3AI score0.0073EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/03/02 5:29 p.m.8 views

USN-8067-1: Mailman vulnerability

It was discovered that Mailman incorrectly handled CSRF tokens. A remote list member or moderator could possibly use their own token to craft an admin request CSRF attack and set a new admin password or make other changes...

8.8CVSS5.9AI score0.0073EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : mailman:2.1 (AXSA:2022-2976:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2976:01 advisory. mailman: CSRF token bypass allows to perform CSRF attacks and account takeover CVE-2021-42097 mailman: CSRF token derived from admin password allows...

8.5CVSS5.7AI score0.01289EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 7 : mailman-2.1.15-30.el7 (AXSA:2020-4558:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-4558:01 advisory. mailman: Cross-site scripting vulnerability allows malicious listowners to inject scripts into listinfo pages CVE-2018-0618 mailman: Mishandled URLs...

6.5CVSS5.7AI score0.02541EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : mailman:2.1 (AXSA:2022-2979:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-2979:01 advisory. mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover CVE-2021-44227 Tenable has extracted the preceding description block directly fr...

8.8CVSS5.6AI score0.0073EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.2 views

MiracleLinux 8 : mailman:2.1 mailman (AXSA:2021-1560:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1560:01 advisory. mailman: XSS via file attachments in list archives CVE-2020-12137 Tenable has extracted the preceding description block directly from the MiracleLinux securi...

6.1CVSS5.5AI score0.02288EPSS
Exploits0References2
Rows per page
Query Builder