Mailman Security Vulnerabilities and Issues — Mailman CVE List

Lucene search

GnuMailman

3 matches found

CVE•added 2020/05/06 3:15 p.m.•298 views

CVE-2020-12108

/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.

6.5CVSS6.4AI score0.03544EPSS

CVE•added 2020/06/24 12:15 p.m.•277 views

CVE-2020-15011

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.

4.3CVSS5.6AI score0.00955EPSS

CVE•added 2020/04/24 1:15 p.m.•272 views

CVE-2020-12137

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conc...

6.1CVSS6.1AI score0.00587EPSS