
CVE-2021-38354 – GNU-Mailman Integration <= 1.0.6 Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-38354
09 Sep 2021 — The GNU-Mailman Integration WordPress plugin, in versions up to and including 1.0.6, is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file, which allows attackers to inject arbitrary web scripts. • https://plugins.trac.wordpress.org/browser/gnu-mailman-integration/trunk/includes/admin/mailing-lists-page.php?rev=859898#L34 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-0564 – mailman: XSS triggerable by list administrator
https://notcve.org/view.php?id=CVE-2008-0564
05 Feb 2008 — Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')