Mailman < 2.1.14 Multiple XSS

This script is Copyright (C) 2011 Tenable Network Security, Inc.


Synopsis :

A web application on the remote host has multiple cross-site
scripting vulnerabilities.

Description :

According to its self-reported version number, the Mailman
installation running on the remote host has multiple cross-site
scripting vulnerabilities. These vulnerabilities can reportedly only
be exploited by a list owner.

A malicious list owner could exploit these issues to execute arbitrary
script code in another user's browser.

See also :

http://www.nessus.org/u?a8105742
http://www.nessus.org/u?dbac17d3

Solution :

Upgrade to Mailman 2.1.14 or later.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVSS Temporal Score : 2.9
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 54579

Bugtraq ID: 43187

CVE ID: CVE-2010-3089