CVE-2010-3089

GNU Mailman <2.1.14rc1 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.

References (30)

[Mailing List] http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

[Mailing List] http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html

[Various Sources] http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html

[Various Sources] http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html

[Mailing List] http://marc.info/?l=oss-security&m=128438736513097&w=2

[Mailing List] http://marc.info/?l=oss-security&m=128440851513718&w=2

[Mailing List] http://marc.info/?l=oss-security&m=128441135117819&w=2

[Mailing List] http://marc.info/?l=oss-security&m=128441237618793&w=2

[Vendor Advisory] http://secunia.com/advisories/41265

[Third Party Advisory] http://secunia.com/advisories/42502

[Third Party Advisory] http://secunia.com/advisories/43294

[Third Party Advisory] http://secunia.com/advisories/43425

[Third Party Advisory] http://secunia.com/advisories/43549

[Third Party Advisory] http://secunia.com/advisories/43580

[Vendor Advisory] http://support.apple.com/kb/HT4581

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2011-0307.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2011-0308.html

[Vendor Advisory] http://www.ubuntu.com/usn/USN-1069-1

[Third Party Advisory] http://www.vupen.com/english/advisories/2010/3271

... and 10 more

Scores

EPSS 0.0039

EPSS Percentile 59.9%

Classification

CWE

CWE-79

Status published

Affected Products (21)

gnu/mailman

gnu/mailman < 2.1.13

gnu/mailman

... and 6 more

Timeline

Published Sep 15, 2010

Tracked Since Feb 18, 2026