CVE-2003-0038

Mailman 2.1 - Cross-Site Scripting via Email or Language Parameters

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2003-0038. PoCs published by [email protected].

AI-analyzed exploit summary: This is a writeup describing a cross-site scripting (XSS) vulnerability in GNU Mailman due to insufficient sanitization of user-supplied data in error pages. The example demonstrates how an attacker could embed malicious script code in a URL to execute arbitrary JavaScript in the context of a victim's browser.

Description

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.

Exploits (2)

Exploit-DB writeup (verified)
by [email protected] · text · webapps · cgi
https://www.exploit-db.com/exploits/22199


Classification: Writeup (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: GNU Mailman (versions prior to 2.0.11)
Authentication: none needed
Prerequisites: A vulnerable version of GNU Mailman · Victim interaction (clicking a malicious link)
Analyzed by devstral-2 on Feb 16, 2026
Exploit-DB writeup (verified)
by [email protected] · text · webapps · cgi
https://www.exploit-db.com/exploits/22198

This is a writeup describing a cross-site scripting (XSS) vulnerability in GNU Mailman due to insufficient sanitization of URI parameters. The example demonstrates how an attacker could embed malicious script code in a URL to execute arbitrary JavaScript in the context of a victim's browser.

Classification: Writeup (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: GNU Mailman (version not specified)
Authentication: none needed
Prerequisites: A vulnerable instance of GNU Mailman · Victim interaction (clicking a malicious link)
Analyzed by devstral-2 on Feb 16, 2026

References (7)

Mailing List (Bugtraq): http://marc.info/?l=bugtraq&m=104342745916111
Third Party Advisory, VDB Entry (OSVDB): http://www.osvdb.org/9205
Third Party Advisory, VDB Entry (BID): http://www.securityfocus.com/bid/6677
Third Party Advisory, VDB Entry (SecurityTracker): http://www.securitytracker.com/id?1005987
Third Party Advisory, VDB Entry (X-Force): https://exchange.xforce.ibmcloud.com/vulnerabilities/11152
Patch, Vendor Advisory (Debian): http://www.debian.org/security/2004/dsa-436

Scores

EPSS 0.1063
EPSS Percentile 93.5%

Details

Status published
Products (2)
gnu/mailman 2.1
pypi/mailman 0 - 2.1.1 (PyPI)
Published Feb 07, 2003
Tracked Since Feb 18, 2026