Scientific Linux Security Update : mailman on SL6.x i386/x86_64
Medium Nessus Plugin ID 60969
Synopsis
The remote Scientific Linux host is missing a security update.
Description
Multiple input sanitization flaws were found in the way Mailman displayed usernames of subscribed users on certain pages. If a user who is subscribed to a mailing list were able to trick a victim into visiting one of those pages, they could perform a cross-site scripting (XSS) attack against the victim. (CVE-2011-0707)
Multiple input sanitization flaws were found in the way Mailman displayed mailing list information. A mailing list administrator could use this flaw to conduct a cross-site scripting (XSS) attack against victims viewing a list's 'listinfo' page. (CVE-2010-3089)
Solution
Update the affected mailman package.