CVE-2006-1712Cross-site Scripting in Mailman

5 documents4 sources
Severity
2.6LOWNVD
EPSS
0.6%
top 31.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Mailman
Timeline
PublishedApr 11
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

NVDgnu/mailman2.1.7

Patches

Patch: secunia.comPatch: securitytracker.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-jx43-j6gq-vv23: Cross-site scripting (XSS) vulnerability in the private archive script (private2022-05-01
CVEList
CVE-2006-1712: Cross-site scripting (XSS) vulnerability in the private archive script (private2006-04-11

💬Community

2
Bugzilla
CVE-2006-0052 Mailman DoS, CVE-2006-1712 Mailman cross site scripting bug and CVE-2005-3573 Mailman Denial of Service (CVE-2005-4153); also CAN-2004-1177 Cross-site scripting (XSS) vulnerability2006-06-02
Bugzilla
CVE-2006-1712 Mailman cross site scripting bug2006-04-11