VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-3089
mailman: Multiple cross-site scripting (XSS) vulnerabilities...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3089

Original

Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.






About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-09-15
Source Information Category: Advisory, Alert
Last Updated: 2010-09-16




Affected Product Tags
cpe:/a:gnu:mailman:2.1
cpe:/a:gnu:mailman:2.1.1
cpe:/a:gnu:mailman:2.1.10
cpe:/a:gnu:mailman:2.1.11
cpe:/a:gnu:mailman:2.1.11:rc1
cpe:/a:gnu:mailman:2.1.11:rc2
cpe:/a:gnu:mailman:2.1.12
cpe:/a:gnu:mailman:2.1.13 and previous versions
cpe:/a:gnu:mailman:2.1.13:rc1
cpe:/a:gnu:mailman:2.1.2
cpe:/a:gnu:mailman:2.1.3
cpe:/a:gnu:mailman:2.1.4
cpe:/a:gnu:mailman:2.1.5
cpe:/a:gnu:mailman:2.1.6
cpe:/a:gnu:mailman:2.1.7
cpe:/a:gnu:mailman:2.1.8
cpe:/a:gnu:mailman:2.1.9
cpe:/a:gnu:mailman:2.1:alpha
cpe:/a:gnu:mailman:2.1:beta
cpe:/a:gnu:mailman:2.1:stable
 


Vulnerability Analysis Results
[Access Vector]
Undefined
Local
Adjacent Network
X Network

[Access Complexity]
Undefined
High
X Medium
Low

[Authentication]
Undefined
Multiple
X Single
None

[Confidentiality Impact]
Undefined
X None
Partial
Complete

[Integrity Impact]
Undefined
None
X Partial
Complete

[Availability Impact]
Undefined
X None
Partial
Complete

Alternatives




References
CONFIRM https://launchpad.net/mailman/+milestone/2.1.14rc1
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=631881
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=631859
MLIST [oss-security] 20100913 Re: CVE Request: mailman
MLIST [oss-security] 20100913 Re: CVE Request: mailman
MLIST [oss-security] 20100913 Re: CVE Request: mailman
MLIST [oss-security] 20100913 Re: CVE Request: mailman
MLIST [oss-security] 20100913 CVE Request: mailman
MLIST [mailman-announce] 20100909 Mailman security patch.
MLIST [mailman-announce] 20100905 Mailman security patch.
SECUNIA 41265

Vulnerability Type: Cross-Site Scripting (XSS) (CWE-79)





Copyright © 2010 JPCERT/CC All Rights Reserved.