16 matches found
RHEL 7 : mailman (RHSA-2021:4913)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4913 advisory. Mailman is a program used to help manage e-mail discussion lists. Security Fixes: mailman: CSRF token bypass allows to perform CSRF attacks...
mailman security update
CentOS Errata and Security Advisory CESA-2021:4913 An update for mailman is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
mailman: CSRF protection missing in the user options page
Cross-site request forgery CSRF vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account...
Cross-site Scripting (XSS)
mailman:bionic is vulnerable to cross-site scripting XSS attacks. A crafted URL to the user options page in Cgi/options.py results in arbitrary JavaScript executions...
Cross site scripting
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...
CVE-2021-43331
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...
Recommended update for mailman (moderate)
openSUSE Security Update: Recommended update for mailman Announcement ID: openSUSE-SU-2020:1752-1 Rating: moderate References: 1171363 1173369 Cross-References: CVE-2020-12108 CVE-2020-12137 CVE-2020-15011 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes three vulnerabilities...
Updated mailman packages fix a security vulnerability
Updated mailman package fixes security vulnerability: Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed ...
Debian DSA-4108-1 : mailman - security update
Calum Hutton and the Mailman team discovered a cross site scripting and information leak vulnerability in the user options page. A remote attacker could use a crafted URL to steal cookie information or to fish for whether a user is subscribed to a list with a private roster. C Tenable Network...
Debian: Security Advisory (DSA-4108-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-5950
Cross-site scripting XSS vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL...
Security fix for the ALT Linux 9 package mailman version 5:2.1.23-alt0.1.20160915
Sept. 24, 2016 Konstantin Lepikhov 5:2.1.23-alt0.1.20160915 - LP shapshot 20160916. - Security fixes: + CVE-2016-6893: Extend CSRF protection to user options page...
CVE-2016-6893
Cross-site request forgery CSRF vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account...
UBUNTU-CVE-2016-6893
Cross-site request forgery CSRF vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account...
CVE-2016-6893
Cross-site request forgery CSRF vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account...
mailman XSS in user options page
From the 2.1.1 release notes: Closed a cross-site scripting vulnerability in the user options page...