ID CVE-2003-0965
Summary Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
References
Vulnerable Configurations
  • GNU Mailman 2.1.4
    cpe:2.3:a:gnu:mailman:2.1.4
CVSS
Base: 6.8 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_MAILMAN_214.NASL
    description The following package needs to be updated: mailman
    last seen 2016-09-26
    modified 2004-07-06
    plugin id 12570
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12570
    title FreeBSD : mailman XSS in admin script (104)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-013.NASL
    description A cross-site scripting vulnerability was discovered in mailman's administration interface (CVE-2003-0965). This affects version 2.1 earlier than 2.1.4. Certain malformed email commands could cause the mailman process to crash. (CVE-2003-0991). This affects version 2.0 earler than 2.0.14. Another cross-site scripting vulnerability was found in mailman's 'create' CGI script (CVE-2003-0992). This affects version 2.1 earlier than 2.1.3.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14113
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14113
    title Mandrake Linux Security Advisory : mailman (MDKSA-2004:013)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-436.NASL
    description Several vulnerabilities have been fixed in the mailman package : - CAN-2003-0038 - potential cross-site scripting via certain CGI parameters (not known to be exploitable in this version) - CAN-2003-0965 - cross-site scripting in the administrative interface - CAN-2003-0991 - certain malformed email commands could cause the mailman process to crash The cross-site scripting vulnerabilities could allow an attacker to perform administrative operations without authorization, by stealing a session cookie.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15273
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15273
    title Debian DSA-436-1 : mailman - several vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3CB88BB267A611D880E30020ED76EF5A.NASL
    description Dirk Mueller reports : I've found a cross-site scripting vulnerability in the admin interface of mailman 2.1.3 that allows, under certain circumstances, for anyone to retrieve the (valid) session cookie.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 36998
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36998
    title FreeBSD : mailman XSS in admin script (3cb88bb2-67a6-11d8-80e3-0020ed76ef5a)
oval via4
accepted 2010-09-20T04:00:37.725-04:00
class vulnerability
contributors
  • name Jay Beale
    organization Bastille Linux
  • name Thomas R. Jones
    organization Maitreya Security
  • name Jonathan Baker
    organization The MITRE Corporation
description Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
family unix
id oval:org.mitre.oval:def:813
status accepted
submitted 2004-03-20T12:00:00.000-04:00
title Mailman Cross-site Scripting Vulnerability
version 37
redhat via4
advisories
rhsa
id RHSA-2004:020
refmap via4
bid 9336
conectiva CLA-2004:842
debian DSA-436
mandrake MDKSA-2004:013
mlist [Mailman-Announce] 20031231 RELEASED Mailman 2.1.4
osvdb 3305
secunia 10519
xf mailman-admin-xss(14121)
Last major update 10-09-2008 - 15:21
Published 17-02-2004 - 00:00
Last modified 10-10-2017 - 21:29
Back to Top