CVE-2011-0707


Description

Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.

References

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056363.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056387.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056399.html

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html

http://mail.python.org/pipermail/mailman-announce/2011-February/000157.html

http://mail.python.org/pipermail/mailman-announce/2011-February/000158.html

http://osvdb.org/70936

http://secunia.com/advisories/43294

http://secunia.com/advisories/43389

http://secunia.com/advisories/43425

http://secunia.com/advisories/43549

http://secunia.com/advisories/43580

http://secunia.com/advisories/43829

http://support.apple.com/kb/HT5002

http://www.debian.org/security/2011/dsa-2170

http://www.mandriva.com/security/advisories?name=MDVSA-2011:036

http://www.redhat.com/support/errata/RHSA-2011-0307.html

http://www.redhat.com/support/errata/RHSA-2011-0308.html

http://www.securityfocus.com/bid/46464

http://www.securitytracker.com/id?1025106

http://www.ubuntu.com/usn/USN-1069-1

http://www.vupen.com/english/advisories/2011/0435

http://www.vupen.com/english/advisories/2011/0436

http://www.vupen.com/english/advisories/2011/0460

http://www.vupen.com/english/advisories/2011/0487

http://www.vupen.com/english/advisories/2011/0542

http://www.vupen.com/english/advisories/2011/0720

https://exchange.xforce.ibmcloud.com/vulnerabilities/65538

Details

Source: MITRE

Published: 2011-02-22

Updated: 2017-08-17

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:mailman:1.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:1.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.0:beta3:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.0:beta4:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.0:beta5:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.0.12:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.0.13:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.0.14:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1:alpha:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1:beta:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1:stable:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1.1:beta1:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1.5.8:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1.7:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1.8:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1.9:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1.10:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1.11:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1.11:rc1:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1.11:rc2:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1.12:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1.13:*:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1.13:rc1:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:* versions up to 2.1.14 (inclusive)

cpe:2.3:a:gnu:mailman:2.1.14:rc1:*:*:*:*:*:*

cpe:2.3:a:gnu:mailman:2.1b1:*:*:*:*:*:*:*

Tenable Plugins


ID | Name | Product | Family | Severity
75641 | openSUSE Security Update : mailman (openSUSE-SU-2011:0312-1) | Nessus | SuSE Local Security Checks | medium
68211 | Oracle Linux 6 : mailman (ELSA-2011-0308) | Nessus | Oracle Linux Local Security Checks | medium
68210 | Oracle Linux 4 / 5 : mailman (ELSA-2011-0307) | Nessus | Oracle Linux Local Security Checks | medium
60969 | Scientific Linux Security Update : mailman on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium
60968 | Scientific Linux Security Update : mailman on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium
57225 | SuSE 10 Security Update : mailman (ZYPP Patch Number 7484) | Nessus | SuSE Local Security Checks | medium
56481 | Mac OS X Multiple Vulnerabilities (Security Update 2011-006) | Nessus | MacOS X Local Security Checks | critical
53768 | openSUSE Security Update : mailman (openSUSE-SU-2011:0424-1) | Nessus | SuSE Local Security Checks | medium
53639 | SuSE 10 Security Update : mailman (ZYPP Patch Number 7489) | Nessus | SuSE Local Security Checks | medium
53619 | SuSE 11.1 Security Update : mailman (SAT Patch Number 4433) | Nessus | SuSE Local Security Checks | medium
52744 | Fedora 13 : mailman-2.1.12-17.fc13 (2011-2125) | Nessus | Fedora Local Security Checks | medium
52743 | Fedora 14 : mailman-2.1.13-7.fc14 (2011-2102) | Nessus | Fedora Local Security Checks | medium
52742 | Fedora 15 : mailman-2.1.14-5.fc15 (2011-2030) | Nessus | Fedora Local Security Checks | medium
52626 | FreeBSD : mailman -- XSS vulnerability (64691c49-4b22-11e0-a226-00e0815b8da8) | Nessus | FreeBSD Local Security Checks | medium
52506 | CentOS 4 / 5 : mailman (CESA-2011:0307) | Nessus | CentOS Local Security Checks | medium
52492 | RHEL 6 : mailman (RHSA-2011:0308) | Nessus | Red Hat Local Security Checks | medium
52491 | RHEL 4 / 5 : mailman (RHSA-2011:0307) | Nessus | Red Hat Local Security Checks | medium
52160 | Mandriva Linux Security Advisory : mailman (MDVSA-2011:036) | Nessus | Mandriva Local Security Checks | medium
52070 | Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : mailman vulnerabilities (USN-1069-1) | Nessus | Ubuntu Local Security Checks | medium
52037 | Debian DSA-2170-1 : mailman - several vulnerabilities | Nessus | Debian Local Security Checks | medium