Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2010-3089

Опубликовано: 09 сент. 2010
Источник: redhat
CVSS2: 4
EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.

Отчет

The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 3mailmanAffected
Red Hat Enterprise Linux 4mailmanFixedRHSA-2011:030701.03.2011
Red Hat Enterprise Linux 5mailmanFixedRHSA-2011:030701.03.2011
Red Hat Enterprise Linux 6mailmanFixedRHSA-2011:030801.03.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=631881mailman: Multiple security flaws leading to cross-site scripting (XSS) attacks

EPSS

Процентиль: 59%
0.00393
Низкий

4 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2010-3089

ubuntu
почти 15 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.

nvd логотип

CVE-2010-3089

nvd
почти 15 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.

debian логотип

CVE-2010-3089

debian
почти 15 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman bef ...

github логотип

GHSA-4jm4-7jcw-x46f

github
около 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.

oracle-oval логотип

ELSA-2011-0308

oracle-oval
больше 14 лет назад

ELSA-2011-0308: mailman security update (MODERATE)

EPSS

Процентиль: 59%
0.00393
Низкий

4 Medium

CVSS2