Gnu: >> Mailman >> 2.1.7 Security Vulnerabilities
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.
CVSS Score
2.6
EPSS Score
0.024
Published
2006-09-07
Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers".
CVSS Score
5.0
EPSS Score
0.061
Published
2006-09-06
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.8
EPSS Score
0.227
Published
2006-09-06
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.
CVSS Score
2.6
EPSS Score
0.006
Published
2006-04-11
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.
CVSS Score
2.1
EPSS Score
0.002
Published
2002-06-18
Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.
CVSS Score
5.1
EPSS Score
0.007
Published
2001-12-21
Page 3