fkie_nvd - fkie_cve-2003-0038

fkie_cve-2003-0038

Vulnerability from fkie_nvd

Published

2003-02-07 05:00

Modified

2025-04-03 01:03

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=104342745916111
cve@mitre.org	http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt	Patch
cve@mitre.org	http://www.debian.org/security/2004/dsa-436	Patch, Vendor Advisory
cve@mitre.org	http://www.osvdb.org/9205
cve@mitre.org	http://www.securityfocus.com/bid/6677
cve@mitre.org	http://www.securitytracker.com/id?1005987
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/11152
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=104342745916111
af854a3a-2127-422b-91ae-364da2661108	http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2004/dsa-436	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/9205
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/6677
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1005987
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/11152

Impacted products

	Vendor	Product	Version
	gnu	mailman	2.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D6A976-FFEA-4DB6-B002-8036E778C78E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en options.py en Mailman 2.1 y anteriores permite a atacantes remotos inyectar script o HTML en p\u00e1ginas web mediante correo electr\u00f3nico o par\u00e1metros de lenguaje."
    }
  ],
  "id": "CVE-2003-0038",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-02-07T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104342745916111"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-436"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/9205"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6677"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1005987"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104342745916111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-436"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/9205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6677"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1005987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11152"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2003-0038 (GCVE-0-2003-0038)

Vulnerability from cvelistv5

Published

2003-01-29 05:00