| Max CVSS | 7.6 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2011-0707 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.
|
13-02-2023 - 01:18 | 22-02-2011 - 19:00 | |
| CVE-2018-5950 | 4.3 |
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
|
10-11-2020 - 19:39 | 23-01-2018 - 16:29 | |
| CVE-2018-13796 | 4.3 |
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
|
06-05-2020 - 20:15 | 12-07-2018 - 18:29 | |
| CVE-2015-2775 | 7.6 |
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
|
24-12-2016 - 02:59 | 13-04-2015 - 14:59 |