Description

Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.

References

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html

http://secunia.com/advisories/28794

http://secunia.com/advisories/28916

http://secunia.com/advisories/28966

http://secunia.com/advisories/29249

http://secunia.com/advisories/29388

http://secunia.com/advisories/31687

http://secunia.com/advisories/43549

http://sourceforge.net/project/shownotes.php?release_id=559308&group_id=103

http://support.apple.com/kb/HT4077

http://wiki.rpath.com/Advisories:rPSA-2008-0056

http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061

http://www.redhat.com/support/errata/RHSA-2011-0307.html

http://www.securityfocus.com/archive/1/488236/100/0/threaded

http://www.securityfocus.com/bid/27630

http://www.ubuntu.com/usn/usn-586-1

http://www.vupen.com/english/advisories/2008/0422

http://www.vupen.com/english/advisories/2011/0542

https://bugzilla.redhat.com/show_bug.cgi?id=431526

https://issues.rpath.com/browse/RPL-2207

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html

Details

Risk Information

CVSS v2