CVE-2010-3089

GNU Mailman < 2.1.14rc1 - Authenticated Cross-Site Scripting via List Information or Description Field

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.

References (30)

Core References
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=oss-security&m=128438736513097&w=2
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0307.html
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=oss-security&m=128441369020123&w=2
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43294
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0460
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2170
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42502
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=oss-security&m=128441135117819&w=2
Various Sources x_refsource_confirm
https://launchpad.net/mailman/+milestone/2.1.14rc1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1069-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0308.html
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=oss-security&m=128440851513718&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41265
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0436
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3271
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=oss-security&m=128441237618793&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43425
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0542
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=631881
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=631859
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43580
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43549
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4581

Scores

EPSS 0.0039
EPSS Percentile 60.4%

Details

CWE
CWE-79
Status published
Products (15)
gnu/mailman 2.1 (4 CPE variants)
gnu/mailman 2.1.1
gnu/mailman 2.1.2
gnu/mailman 2.1.3
gnu/mailman 2.1.4
gnu/mailman 2.1.5
gnu/mailman 2.1.6
gnu/mailman 2.1.7
gnu/mailman 2.1.8
gnu/mailman 2.1.9
... and 5 more
Published Sep 15, 2010
Tracked Since Feb 18, 2026