6.5CVSS
6.4AI Score
0.003EPSS
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conc...
6.1CVSS
6.1AI Score
0.012EPSS
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
4.3CVSS
5.6AI Score
0.009EPSS