13 matches found
CVE-2025-43919
GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman aka the private archive authentication endpoint via the username parameter. NOTE: multiple third parties report that they are unable t...
SUSE CVE-2020-15011
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page...
Content Injection
GNU Mailman is vulnerable to content injection. An attacker is able to inject arbitrary content into the application via the Cgi/private.py private archive login page...
CVE-2020-15011
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page...
CVE-2020-15011
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page...
Code injection
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page...
UBUNTU-CVE-2020-15011
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page...
CVE-2020-15011
CVE-2020-15011 affects GNU Mailman prior to 2.1.33. The vulnerability allows arbitrary content injection via the Cgi/private.py private archive login page. Affected product: GNU Mailman 2.1.x (before 2.1.33). Impact described in sources as arbitrary content injection, with other related CVEs ofte...
CVE-2020-15011
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page...
FreeBSD : mailman -- arbitrary content injection vulnerability via options or private archive login pages (88760f4d-8ef7-11ea-a66d-4b2ef158be83)
Mark Sapiro reports: A content injection vulnerability via the options login page has been discovered and reported by Vishal Singh. An issue similar to CVE-2018-13796 exists at different endpoint & param. It can lead to a phishing attack. added 2020-05-07 This is essentially the same as...
mailman -- arbitrary content injection vulnerability via options or private archive login pages
Mark Sapiro reports: A content injection vulnerability via the options login page has been discovered and reported by Vishal Singh. An issue similar to CVE-2018-13796 exists at different endpoint & param. It can lead to a phishing attack. added 2020-05-07 This is essentially the same as...
FreeBSD : mailman -- Private Archive Script XSS (8be2e304-cce6-11da-a3b1-00123ffe8333)
Secunia reports: A vulnerability has been reported in Mailman, which can be exploited by malicious people to conduct cross-site scripting attacks. Unspecified input passed to the private archive script is not properly sanitised before being returned to users. This can be exploited to execute...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the private archive script private.py in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument...