ID CVE-2003-0992
Summary Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.
References
Vulnerable Configurations
  • GNU Mailman 2.1.3
    cpe:2.3:a:gnu:mailman:2.1.3
CVSS
Base: 4.3 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity NONE
  • Availability NONE
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_MAILMAN_213.NASL
    description The following package needs to be updated: mailman
    last seen 2016-09-26
    modified 2004-07-06
    plugin id 12569
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12569
    title FreeBSD : mailman XSS in create script (103)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_429249D267A711D880E30020ED76EF5A.NASL
    description From the 2.1.3 release notes : Closed a cross-site scripting exploit in the create cgi script.
    last seen 2018-11-22
    modified 2018-11-21
    plugin id 36231
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36231
    title FreeBSD : mailman XSS in create script (429249d2-67a7-11d8-80e3-0020ed76ef5a)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-013.NASL
    description A cross-site scripting vulnerability was discovered in mailman's administration interface (CVE-2003-0965). This affects version 2.1 earlier than 2.1.4. Certain malformed email commands could cause the mailman process to crash. (CVE-2003-0991). This affects version 2.0 earlier than 2.0.14. Another cross-site scripting vulnerability was found in mailman's 'create' CGI script (CVE-2003-0992). This affects version 2.1 earlier than 2.1.3.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14113
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14113
    title Mandrake Linux Security Advisory : mailman (MDKSA-2004:013)
oval via4
accepted 2010-09-20T04:00:38.008-04:00
class vulnerability
contributors
  • name Jay Beale
    organization Bastille Linux
  • name Thomas R. Jones
    organization Maitreya Security
  • name Jonathan Baker
    organization The MITRE Corporation
description Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.
family unix
id oval:org.mitre.oval:def:815
status accepted
submitted 2004-03-20T12:00:00.000-04:00
title Mailman Cross-site Scripting Vulnerability II
version 36
redhat via4
advisories
rhsa
id RHSA-2004:020
refmap via4
conectiva CLA-2004:842
confirm http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html
mandrake MDKSA-2004:013
Last major update 10-09-2008 - 15:21
Published 17-02-2004 - 00:00
Last modified 10-10-2017 - 21:29