Cross-Site Scripting Vulnerabilities in GNU Mailman by Free Software Foundation
CVE-2011-0707
Currently unrated
Summary
Multiple cross-site scripting (XSS) vulnerabilities exist in the Cgi/confirm.py script of GNU Mailman, affecting versions 2.1.14 and earlier. They allow a remote attacker to inject arbitrary web script or HTML through the 'full name' or 'username' field in a confirmation message. Validating and sanitizing user input is recommended to mitigate these risks and to protect against unauthorized actions or data breaches.