FreeBSD : Mailman -- XSS in web interface (4ab29e12-e787-11df-adfa-00e0815b8da8)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Secunia reports :

Two vulnerabilities have been reported in Mailman, which can be
exploited by malicious users to conduct script insertion attacks.

Certain input passed via the list descriptions is not properly
sanitised before being displayed to the user. This can be exploited to
insert arbitrary HTML and script code, which will be executed in a
user's browser session in context of an affected site when the
malicious data is being viewed.

Successful exploitation requires 'list owner' permissions.

See also :

http://www.nessus.org/u?8b0feac5

Solution :

Update the affected package.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVSS Temporal Score : 3.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 50469

Bugtraq ID: 43187

CVE ID: CVE-2010-3089
