FreeBSD : mailman -- Private Archive Script XSS (8be2e304-cce6-11da-a3b1-00123ffe8333)

Low Nessus Plugin ID 21469


The remote FreeBSD host is missing one or more security-related updates.


Secunia reports:

A vulnerability has been reported in Mailman, which can be exploited by malicious people to conduct cross-site scripting attacks.

Unspecified input passed to the private archive script is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.


Update the affected packages.

Plugin Details

Severity: Low

ID: 21469

File Name: freebsd_pkg_8be2e304cce611daa3b100123ffe8333.nasl

Version: $Revision: 1.10 $

Type: local

Published: 2006/05/13

Modified: 2014/08/13

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ja-mailman, p-cpe:/a:freebsd:freebsd:mailman, p-cpe:/a:freebsd:freebsd:mailman-with-htdig, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2006/04/16

Vulnerability Publication Date: 2006/04/07

Reference Information

CVE: CVE-2006-1712

Secunia: 19558