Description
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
References (10)
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-020.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/14121
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/10519
Vendor Advisory vendor-advisory
x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2004:013
Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9336
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A813
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/3305
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://mail.python.org/pipermail/mailman-announce/2003-December/000066.html
Vendor Advisory vendor-advisory
x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2004/dsa-436
Scores
EPSS
0.0314
EPSS Percentile
87.1%
Details
Status
published
Products (1)
gnu/mailman
< 2.1.4
Published
Feb 17, 2004
Tracked Since
Feb 18, 2026