XSS Vulnerability in GNU Mailman Allows Remote Script Injection
CVE-2006-1712
Currently unrated
What is CVE-2006-1712?
A cross-site scripting (XSS) vulnerability exists in the private archive script (private.py) of GNU Mailman version 2.1.7. It allows remote attackers to inject arbitrary web script or HTML by manipulating the action argument. Exploitation can lead to malicious code executing in the context of a user's session, potentially compromising the user's data and privacy. Users of GNU Mailman should upgrade to a later version to mitigate this vulnerability.