CVE-2011-0707

Published: 18 February 2011

Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.

Priority

Medium

Status

Package                                Release    Status
mailman (Launchpad, Ubuntu, Debian)    dapper     Released (2.1.5-9ubuntu4.4)
                                       hardy      Released (1:2.1.9-9ubuntu1.4)
                                       karmic     Released (1:2.1.12-2ubuntu0.2)
                                       lucid      Released (1:2.1.13-1ubuntu0.2)
                                       maverick   Released (1:2.1.13-4ubuntu0.2)
                                       upstream   Needs triage