CVE-2018-5950 – mailman: Cross-site scripting (XSS) vulnerability in web UI
https://notcve.org/view.php?id=CVE-2018-5950
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. A cross-site scripting (XSS) flaw was found in mailman. An attacker able to trick the user into visiting a specific URL can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions. Mailman versions 1.x up through 2.1.23 suffer from a cross-site scripting vulnerability.
• http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html http://www.securityfocus.com/bid/104594 https://access.redhat.com/errata/RHSA-2018:0504 https://access.redhat.com/errata/RHSA-2018:0505 https://bugs.launchpad.net/mailman/+bug/1747209 https://lists.debian.org/debian-lts-announce/2018/02/msg00007.html https://usn.ubuntu.com/3563-1 https://www.debian.org/security/2018/dsa-4108 https://www.mail-archive.com/mailman-users%40python.org/msg70375.
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-2775 – mailman: directory traversal in MTA transports that deliver programmatically
https://notcve.org/view.php?id=CVE-2015-2775
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name. It was found that mailman did not sanitize the list name before passing it to certain MTAs.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154911.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156742.html http://rhn.redhat.com/errata/RHSA-2015-1153.html http://rhn.redhat.com/errata/RHSA-2015-1417.html http://www.debian.org/security/2015/dsa-3214 http://www.securityfocus.com/bid/73922 http://www.securitytracker.com/id/1032033 http://www.ubuntu.com/usn/USN-2558-1 https://bugs.launchpad.net/mailman/+bug/1437145 https:&
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2001-0884
https://notcve.org/view.php?id=CVE-2001-0884
Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.
• http://www.redhat.com/support/errata/RHSA-2001-168.html http://www.redhat.com/support/errata/RHSA-2001-169.html http://www.redhat.com/support/errata/RHSA-2001-170.html http://www.securityfocus.com/advisories/3721 http://www.securityfocus.com/archive/1/242839 http://www.securityfocus.com/bid/3602 https://exchange.xforce.ibmcloud.com/vulnerabilities/7617