CVE-2011-0707

GNU Mailman < 2.1.14 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.

References (30)

... and 10 more

Scores

EPSS 0.0246
EPSS Percentile 85.1%

Classification

CWE
CWE-79
Status published

Affected Products (46)

gnu/mailman
gnu/mailman
gnu/mailman
gnu/mailman
gnu/mailman
gnu/mailman < 2.1.14
gnu/mailman
gnu/mailman
gnu/mailman
gnu/mailman
gnu/mailman
gnu/mailman
gnu/mailman
gnu/mailman
gnu/mailman
... and 31 more

Timeline

Published Feb 22, 2011
Tracked Since Feb 18, 2026