github - ghsa-82rm-28q9-435p

ghsa-82rm-28q9-435p

Vulnerability from github

Published

2022-04-29 01:25

Modified

2023-09-18 22:38

Summary

Mailman Cross-site scripting (XSS) vulnerability

Details

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "mailman"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2003-0038"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-18T22:38:47Z",
    "nvd_published_at": "2003-02-07T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.",
  "id": "GHSA-82rm-28q9-435p",
  "modified": "2023-09-18T22:38:47Z",
  "published": "2022-04-29T01:25:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0038"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11152"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=104342745916111"
    },
    {
      "type": "WEB",
      "url": "http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2004/dsa-436"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/9205"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/6677"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1005987"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Mailman Cross-site scripting (XSS) vulnerability "
}

CVE-2003-0038 (GCVE-0-2003-0038)

Vulnerability from cvelistv5

Published

2003-01-29 05:00

Modified

2024-08-08 01:43

Severity ?

CWE

Summary

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.

References

►

URL

Tags

	http://marc.info/?l=bugtraq&m=104342745916111	mailing-list, x_refsource_BUGTRAQ
	http://www.osvdb.org/9205	vdb-entry, x_refsource_OSVDB
	http://www.securityfocus.com/bid/6677	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id?1005987	vdb-entry, x_refsource_SECTRACK
	http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilities/11152	vdb-entry, x_refsource_XF
	http://www.debian.org/security/2004/dsa-436	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website