Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0855

7 documents6 sources
Severity
7.5HIGH
EPSS
41.0%
top 2.62%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
GNU Mailman
Timeline
PublishedSep 5
Latest updateApr 30

Description

Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDgnu/mailman2.0.12

Patches

Patch: mail.python.orgPatch: www.securityfocus.comPatch: mail.python.org

🔴Vulnerability Details

2
GHSA
GHSA-6wpg-628r-xfhr: Cross-site scripting vulnerability in Mailman before 22022-04-30
CVEList
CVE-2002-0855: Cross-site scripting vulnerability in Mailman before 22002-08-14

💥Exploits & PoCs

2
Exploit-DB
GNU Mailman 2.0.x - Admin Login Variant Cross-Site Scripting2002-07-24
Exploit-DB
GNU Mailman 2.0.x - Subscribe Cross-Site Scripting2002-07-24

📋Vendor Advisories

1
Red Hat
security flaw2002-07-11

💬Community

1
Bugzilla
CVE-2002-0855 security flaw2018-08-16
CVE-2002-0855 (HIGH CVSS 7.5) | Cross-site scripting vulnerability | cvebase.io