4.3

CVE-2011-0707

Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuMailman Version <= 2.1.14
GnuMailman Version1.0
GnuMailman Version1.1
GnuMailman Version2.0
GnuMailman Version2.0 Updatebeta3
GnuMailman Version2.0 Updatebeta4
GnuMailman Version2.0 Updatebeta5
GnuMailman Version2.0.1
GnuMailman Version2.0.2
GnuMailman Version2.0.3
GnuMailman Version2.0.4
GnuMailman Version2.0.5
GnuMailman Version2.0.6
GnuMailman Version2.0.7
GnuMailman Version2.0.8
GnuMailman Version2.0.9
GnuMailman Version2.0.10
GnuMailman Version2.0.11
GnuMailman Version2.0.12
GnuMailman Version2.0.13
GnuMailman Version2.0.14
GnuMailman Version2.1
GnuMailman Version2.1 Updatealpha
GnuMailman Version2.1 Updatebeta
GnuMailman Version2.1 Updatestable
GnuMailman Version2.1.1
GnuMailman Version2.1.1 Updatebeta1
GnuMailman Version2.1.2
GnuMailman Version2.1.3
GnuMailman Version2.1.4
GnuMailman Version2.1.5
GnuMailman Version2.1.5.8
GnuMailman Version2.1.6
GnuMailman Version2.1.7
GnuMailman Version2.1.8
GnuMailman Version2.1.9
GnuMailman Version2.1.10
GnuMailman Version2.1.11
GnuMailman Version2.1.11 Updaterc1
GnuMailman Version2.1.11 Updaterc2
GnuMailman Version2.1.12
GnuMailman Version2.1.13
GnuMailman Version2.1.13 Updaterc1
GnuMailman Version2.1.14 Updaterc1
GnuMailman Version2.1b1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.25% 0.898
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/43549
http://www.redhat.com/support/errata/RHSA-2011-0307.html
http://www.vupen.com/english/advisories/2011/0542
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://support.apple.com/kb/HT5002
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html
http://secunia.com/advisories/43294
Vendor Advisory
http://secunia.com/advisories/43425
Vendor Advisory
http://secunia.com/advisories/43580
http://www.debian.org/security/2011/dsa-2170
http://www.redhat.com/support/errata/RHSA-2011-0308.html
http://www.ubuntu.com/usn/USN-1069-1
http://www.vupen.com/english/advisories/2011/0436
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0460
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056363.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056387.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056399.html
http://mail.python.org/pipermail/mailman-announce/2011-February/000157.html
http://mail.python.org/pipermail/mailman-announce/2011-February/000158.html
Patch
http://osvdb.org/70936
http://secunia.com/advisories/43389
Vendor Advisory
http://secunia.com/advisories/43829
http://www.mandriva.com/security/advisories?name=MDVSA-2011:036
http://www.securityfocus.com/bid/46464
http://www.securitytracker.com/id?1025106
http://www.vupen.com/english/advisories/2011/0435
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0487
http://www.vupen.com/english/advisories/2011/0720
https://exchange.xforce.ibmcloud.com/vulnerabilities/65538