Vulnerability CVE-2010-3089

Vulnerability CVE-2010-3089

Published: 2010-09-15 Modified: 2012-02-13

Description:

Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.

See advisories in our WLB2 database:

	Topic	Author	Date
Low	mailman 2.1.13 xss	vendor	17.09.2010

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
3.5/10	2.9/10	6.8/10

Exploit range	Attack complexity	Authentication
Remote	Medium	Single time
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
GNU -> Mailman

References:

https://launchpad.net/mailman/+milestone/2.1.14rc1

https://bugzilla.redhat.com/show_bug.cgi?id=631881

https://bugzilla.redhat.com/show_bug.cgi?id=631859

http://www.vupen.com/english/advisories/2011/0542

http://www.vupen.com/english/advisories/2011/0460

http://www.vupen.com/english/advisories/2011/0436

http://www.vupen.com/english/advisories/2010/3271

http://www.ubuntu.com/usn/USN-1069-1

http://www.redhat.com/support/errata/RHSA-2011-0308.html

http://www.redhat.com/support/errata/RHSA-2011-0307.html

http://www.debian.org/security/2011/dsa-2170

http://support.apple.com/kb/HT4581

http://secunia.com/advisories/43580

http://secunia.com/advisories/43549

http://secunia.com/advisories/43425

http://secunia.com/advisories/43294

http://secunia.com/advisories/42502

http://secunia.com/advisories/41265

http://marc.info/?l=oss-security&m=128441369020123&w=2

http://marc.info/?l=oss-security&m=128441237618793&w=2

http://marc.info/?l=oss-security&m=128441135117819&w=2

http://marc.info/?l=oss-security&m=128440851513718&w=2

http://marc.info/?l=oss-security&m=128438736513097&w=2

http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html

http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html

http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

Vulnerability CVE-2010-3089

Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.

See advisories in our WLB2 database:

Low

mailman 2.1.13 xss

CWE-79

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

3.5/10

2.9/10

6.8/10

Remote

Medium

Single time

None

Partial

None

Affected software

References: