GHSA-82rm-28q9-435p

Source

https://github.com/advisories/GHSA-82rm-28q9-435p

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-82rm-28q9-435p/GHSA-82rm-28q9-435p.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-82rm-28q9-435p

Aliases

CVE-2003-0038

Published

2022-04-29T01:25:43Z

Modified

2024-02-16T08:06:41.283636Z

Summary

Mailman Cross-site scripting (XSS) vulnerability

Details

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.

References

https://nvd.nist.gov/vuln/detail/CVE-2003-0038
https://exchange.xforce.ibmcloud.com/vulnerabilities/11152
http://marc.info/?l=bugtraq&m=104342745916111
http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt
http://www.debian.org/security/2004/dsa-436
http://www.osvdb.org/9205
http://www.securityfocus.com/bid/6677
http://www.securitytracker.com/id?1005987

Affected packages

PyPI / mailman

Package

Name: mailman; View open source insights on deps.dev
Purl: pkg:pypi/mailman

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.1

Affected versions

3.*

3.0.0b3-