CVE-2006-3636

Mailman - Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3636. PoCs published by Moritz Naumann.

AI-analyzed exploit summary The provided text describes multiple input-validation vulnerabilities in Mailman, including XSS and CRLF injection. It includes example URLs demonstrating these vulnerabilities but does not contain executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Moritz Naumann · textwebappscgi

https://www.exploit-db.com/exploits/28570

View Code ZIP pw:eip

The provided text describes multiple input-validation vulnerabilities in Mailman, including XSS and CRLF injection. It includes example URLs demonstrating these vulnerabilities but does not contain executable exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: Mailman versions between 2.1.0 and 2.1.8

No auth needed

Prerequisites: Access to a vulnerable Mailman instance

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (23)

Core 23

Core References

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/3446

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2006/dsa-1188

Various Sources mailing-list x_refsource_mlist

http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/19831

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22639

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1016808

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21879

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/20021

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10553

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-345-1

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200609-12.xml

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/445992/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22227

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2006_25_sr.html

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2006:165

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21792

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2006-0600.html

Patch x_refsource_confirm

http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21732

Various Sources x_refsource_misc

http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22011

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22020

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/28731

Scores

EPSS 0.0643

EPSS Percentile 92.8%

Details

Status published

Products (11)

gnu/mailman 2.1

gnu/mailman 2.1.1 (2 CPE variants)

gnu/mailman 2.1.2

gnu/mailman 2.1.3

gnu/mailman 2.1.4

gnu/mailman 2.1.5

gnu/mailman 2.1.5.8

gnu/mailman 2.1.6

gnu/mailman 2.1.7

gnu/mailman 2.1.8

... and 1 more

Published Sep 06, 2006

Tracked Since Feb 18, 2026