Description
Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.
Exploits (2)
References (10)
Core 10
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-07/0268.html
Patch, Vendor Advisory x_refsource_confirm
http://mail.python.org/pipermail/mailman-announce/2002-July/000043.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-177.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-178.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2002/dsa-147
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5298
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-181.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-176.html
Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9985.php
Vendor Advisory vendor-advisory
x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000522
Scores
EPSS
0.4104
EPSS Percentile
97.4%
Details
Status
published
Products (1)
gnu/mailman
2.0.12
Published
Sep 05, 2002
Tracked Since
Feb 18, 2026