Cross-Site Scripting Vulnerabilities in GNU Mailman by GNU
CVE-2010-3089

Currently unrated

Key Information:

Vendor: Gnu
Status: Mailman
Vendor: CVE Published:; 15 September 2010

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in GNU Mailman prior to version 2.1.14rc1. These vulnerabilities allow authenticated remote users to inject arbitrary web scripts or HTML into the system. The attack vectors involve manipulating the list information and description fields, potentially compromising the security of users accessing the affected mailing lists.

References

http://marc.info/?l=oss-security&m=128438736513097&w=2

mailing-listx_refsource_MLIST

http://www.redhat.com/support/errata/RHSA-2011-0307.html

vendor-advisoryx_refsource_REDHAT

http://marc.info/?l=oss-security&m=128441369020123&w=2

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Sep 15, 2010
Vulnerability Reserved
Aug 20, 2010