Mailman vulnerabilities

2011-02-2200:00:00

ubuntu.com

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

71.1%

JSON

Releases

Ubuntu 10.10
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 8.04
Ubuntu 6.06

Packages

mailman -

Details

It was discovered that Mailman did not properly sanitize certain fields,
resulting in cross-site scripting (XSS) vulnerabilities. With cross-site
scripting vulnerabilities, if a user were tricked into viewing server
output during a crafted server request, a remote attacker could exploit
this to modify the contents, or steal confidential data, within the same
domain.

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchmailman< 1:2.1.12-2ubuntu0.2UNKNOWN
Ubuntu8.04noarchmailman< 1:2.1.9-9ubuntu1.4UNKNOWN
Ubuntu6.06noarchmailman< 2.1.5-9ubuntu4.4UNKNOWN
Ubuntu10.10noarchmailman< 1:2.1.13-4ubuntu0.2UNKNOWN
Ubuntu10.04noarchmailman< 1:2.1.13-1ubuntu0.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	9.10	noarch	mailman	< 1:2.1.12-2ubuntu0.2	UNKNOWN
Ubuntu	8.04	noarch	mailman	< 1:2.1.9-9ubuntu1.4	UNKNOWN
Ubuntu	6.06	noarch	mailman	< 2.1.5-9ubuntu4.4	UNKNOWN
Ubuntu	10.10	noarch	mailman	< 1:2.1.13-4ubuntu0.2	UNKNOWN
Ubuntu	10.04	noarch	mailman	< 1:2.1.13-1ubuntu0.2	UNKNOWN