FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mailman -- XSS vulnerability

Affected packages
mailman < 2.1.14_1

Details

VuXML ID 64691c49-4b22-11e0-a226-00e0815b8da8
Discovery 2011-02-13
Entry 2011-03-10

CVE reports:

Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.

References

CVE Name CVE-2011-0707
URL http://mail.python.org/pipermail/mailman-announce/2011-February/000157.html