CVE-2010-3089Cross-site Scripting in Mailman

CWE-79Cross-site Scripting7 documents6 sources
Severity
3.5LOWNVD
EPSS
0.4%
top 39.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Mailman
Timeline
PublishedSep 15
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

NVDgnu/mailman2.1.13+14

🔴Vulnerability Details

2
GHSA
GHSA-4jm4-7jcw-x46f: Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 22022-05-17
CVEList
CVE-2010-3089: Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 22010-09-15

📋Vendor Advisories

2
Ubuntu
Mailman vulnerabilities2011-02-22
Red Hat
mailman: Multiple security flaws leading to cross-site scripting (XSS) attacks2010-09-09

💬Community

2
Bugzilla
CVE-2010-3089 Mailman: Multiple security flaws leading to cross-site scripting (XSS) attacks [fedora-all]2010-09-14
Bugzilla
CVE-2010-3089 mailman: Multiple security flaws leading to cross-site scripting (XSS) attacks2010-09-08
CVE-2010-3089 — Cross-site Scripting in GNU Mailman | cvebase