GHSA-82rm-28q9-435p
Suggest an improvement- Source
- https://github.com/advisories/GHSA-82rm-28q9-435p
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-82rm-28q9-435p/GHSA-82rm-28q9-435p.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-82rm-28q9-435p
- Aliases
-
- CVE-2003-0038
- Published
- 2022-04-29T01:25:43Z
- Modified
- 2024-11-28T05:41:18.608155Z
- Summary
- Mailman Cross-site scripting (XSS) vulnerability
- Details
-
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.
- Database specific
{ "github_reviewed_at": "2023-09-18T22:38:47Z", "cwe_ids": [ "CWE-79" ], "nvd_published_at": "2003-02-07T05:00:00Z", "severity": "MODERATE", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2003-0038
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11152
- http://marc.info/?l=bugtraq&m=104342745916111
- http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt
- http://www.debian.org/security/2004/dsa-436
- http://www.osvdb.org/9205
- http://www.securityfocus.com/bid/6677
- http://www.securitytracker.com/id?1005987
Affected packages
PyPI / mailman
Package
- Name
- mailman
- View open source insights on deps.dev
- Purl
- pkg:pypi/mailman