Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0038Cross-site Scripting in Mailman

CWE-79Cross-site Scripting6 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
10.6%
top 6.68%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
GNU Mailman
Timeline
PublishedFeb 7
Latest updateApr 29

Description

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

PyPIgnu/mailman< 2.1.1
NVDgnu/mailman2.1

Patches

Patch: telia.dl.sourceforge.netPatch: www.debian.orgPatch: telia.dl.sourceforge.net

🔴Vulnerability Details

3
GHSA
Mailman Cross-site scripting (XSS) vulnerability2022-04-29
OSV
Mailman Cross-site scripting (XSS) vulnerability2022-04-29
CVEList
CVE-2003-0038: Cross-site scripting (XSS) vulnerability in options2003-01-29

💥Exploits & PoCs

2
Exploit-DB
GNU Mailman 2.1 - 'email' Cross-Site Scripting2003-01-24
Exploit-DB
GNU Mailman 2.1 - Error Page Cross-Site Scripting2003-01-24
CVE-2003-0038 — Cross-site Scripting in GNU Mailman | cvebase