CVE-2002-0388

Mailman < 2.0.11 - Cross-Site Scripting via Admin Login Page or Pipermail Index Summaries

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0388. PoCs published by office.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in GNU Mailman by crafting a malicious URL that injects arbitrary HTML and script code into the administrative login page. The PoC constructs a URL that closes the existing form and inserts a new form pointing to an attacker-controlled script.

Description

Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries.

Exploits (1)

exploitdb WORKING POC VERIFIED

by office · textwebappscgi

https://www.exploit-db.com/exploits/21480

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in GNU Mailman by crafting a malicious URL that injects arbitrary HTML and script code into the administrative login page. The PoC constructs a URL that closes the existing form and inserts a new form pointing to an attacker-controlled script.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: GNU Mailman (versions affected by CVE-2002-0388)

No auth needed

Prerequisites: Access to the target Mailman administrative login page URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Patch x_refsource_confirm

http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/4826

Scores

EPSS 0.0630

EPSS Percentile 92.7%

Details

Status published

Products (1)

gnu/mailman < 2.0.11

Published Jun 18, 2002

Tracked Since Feb 18, 2026