CVE-2001-0884Cross-site Scripting in Mailman

5 documents5 sources
Severity
5.1MEDIUMNVD
EPSS
0.7%
top 29.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Mailman
Timeline
PublishedDec 21
Latest updateApr 30

Description

Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

NVDgnu/mailman4 versions+3

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-298p-q946-hhq4: Cross-site scripting vulnerability in Mailman email archiver before 22022-04-30
CVEList
CVE-2001-0884: Cross-site scripting vulnerability in Mailman email archiver before 22002-06-25

📋Vendor Advisories

1
Red Hat
security flaw2001-11-28

💬Community

1
Bugzilla
CVE-2001-0884 security flaw2018-08-16
CVE-2001-0884 — Cross-site Scripting in GNU Mailman | cvebase