FKIE_CVE-2010-3089

Vulnerability from fkie_nvd - Published: 2010-09-15 20:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.
References
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html
secalert@redhat.comhttp://mail.python.org/pipermail/mailman-announce/2010-September/000150.html
secalert@redhat.comhttp://mail.python.org/pipermail/mailman-announce/2010-September/000151.html
secalert@redhat.comhttp://marc.info/?l=oss-security&m=128438736513097&w=2
secalert@redhat.comhttp://marc.info/?l=oss-security&m=128440851513718&w=2
secalert@redhat.comhttp://marc.info/?l=oss-security&m=128441135117819&w=2
secalert@redhat.comhttp://marc.info/?l=oss-security&m=128441237618793&w=2
secalert@redhat.comhttp://marc.info/?l=oss-security&m=128441369020123&w=2
secalert@redhat.comhttp://secunia.com/advisories/41265Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/42502
secalert@redhat.comhttp://secunia.com/advisories/43294
secalert@redhat.comhttp://secunia.com/advisories/43425
secalert@redhat.comhttp://secunia.com/advisories/43549
secalert@redhat.comhttp://secunia.com/advisories/43580
secalert@redhat.comhttp://support.apple.com/kb/HT4581
secalert@redhat.comhttp://www.debian.org/security/2011/dsa-2170
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-0307.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-0308.html
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1069-1
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/3271
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0436
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0460
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0542
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=631859
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=631881
secalert@redhat.comhttps://launchpad.net/mailman/+milestone/2.1.14rc1
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html
af854a3a-2127-422b-91ae-364da2661108http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=128438736513097&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=128440851513718&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=128441135117819&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=128441237618793&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=128441369020123&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/41265Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42502
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43294
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43425
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43549
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43580
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT4581
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2011/dsa-2170
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-0307.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-0308.html
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1069-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/3271
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0436
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0460
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0542
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=631859
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=631881
af854a3a-2127-422b-91ae-364da2661108https://launchpad.net/mailman/+milestone/2.1.14rc1
Impacted products
Vendor Product Version
gnu mailman *
gnu mailman 2.1
gnu mailman 2.1
gnu mailman 2.1
gnu mailman 2.1
gnu mailman 2.1.1
gnu mailman 2.1.2
gnu mailman 2.1.3
gnu mailman 2.1.4
gnu mailman 2.1.5
gnu mailman 2.1.6
gnu mailman 2.1.7
gnu mailman 2.1.8
gnu mailman 2.1.9
gnu mailman 2.1.10
gnu mailman 2.1.11
gnu mailman 2.1.11
gnu mailman 2.1.11
gnu mailman 2.1.12
gnu mailman 2.1.13
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF7A1DA0-2063-4757-8CDA-A7308F14045B",
              "versionEndIncluding": "2.1.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D6A976-FFEA-4DB6-B002-8036E778C78E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "33DA97C8-532B-442C-94B4-69D10A81EDA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "F9908375-B974-4238-B839-0E548A92DCDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1:stable:*:*:*:*:*:*",
              "matchCriteriaId": "4738B8CB-AE25-4491-8C6F-BBCA47F72D19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8894855-E303-4B55-B3BC-DCBE3A0AB703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1500D8-952A-46C6-920C-096760C36A43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "503D7346-4891-40B1-A0CD-0FACC5359431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "643610C6-99A9-43C9-A8FC-463A244C08DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C53260-503F-4934-B1FE-9FACD8E0EE66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CBFC5-CB18-4FE4-9B4D-F3280CBCCD6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA788EB3-E162-4752-984D-5601A8C6C770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2571330-3239-469E-883D-8994257D0C55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F27323B-6B10-4941-B20B-187562797D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "890FEDE2-474A-4870-9165-CAD39BC6D318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C7EEDB-5794-419A-8E61-137DB76A4E15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1.11:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C1FC55D7-3857-4614-82FC-5266A3BD8FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1.11:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "A64FECFD-F6BF-49C1-926C-41868787378C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7A3B58-4038-41AE-A42E-BE743A14D5A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1.13:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E3D1CC02-7D5F-41CB-A881-A82A13CE9EE5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en GNU Mailman anterior a v2.1.14rc1 permite a los usuarios remotos autenticados inyectar c\u00f3digo web o HTML a su elecci\u00f3n a trav\u00e9s de vectores involucrados (1) el campo de informaci\u00f3n de la lista o (2) el campo de descripci\u00f3n de la lista."
    }
  ],
  "id": "CVE-2010-3089",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-09-15T20:00:02.103",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=oss-security\u0026m=128438736513097\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=oss-security\u0026m=128440851513718\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=oss-security\u0026m=128441135117819\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=oss-security\u0026m=128441237618793\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=oss-security\u0026m=128441369020123\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41265"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42502"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43294"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43425"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43549"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43580"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT4581"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2170"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0308.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1069-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/3271"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0436"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0460"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0542"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=631859"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=631881"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://launchpad.net/mailman/+milestone/2.1.14rc1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=128438736513097\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=128440851513718\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=128441135117819\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=128441237618793\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=128441369020123\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41265"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42502"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43294"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43425"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0308.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1069-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/3271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0436"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0542"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=631859"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=631881"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://launchpad.net/mailman/+milestone/2.1.14rc1"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.