VID |
210121 |
Severity |
20 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
A web application on the remote host has multiple cross-site scripting vulnerabilities. According to its self-reported version number, the Mailman installation running on the remote host has multiple cross-site scripting vulnerabilities. These vulnerabilities can reportedly only be exploited by a list owner.
A malicious list owner could exploit these issues to execute arbitrary script code in another user's browser.
* References:
  http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html
  http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html
* Platforms Affected:
  Mailman versions prior to 2.1.14
  Linux Any version |
Recommendation |
Upgrade to the latest version of Mailman (2.1.14 or later), available from the SourceForge.net Download Web site at https://sourceforge.net/project/showfiles.php?group_id=103 |
Related URL |
CVE-2010-3089 (CVE) |
Related URL |
43187 (SecurityFocus) |
Related URL |
(ISS) |