CVE-2003-0038 : Detail

CVE-2003-0038

0.28%V3
Network
2003-01-29
04h00 +00:00
2017-07-10
12h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 22198

Publication date : 2003-01-23 23h00 +00:00
Author : [email protected]
EDB Verified : Yes

source: https://www.securityfocus.com/bid/6677/info A vulnerability has been discovered in GNU Mailman. It has been reported that Mailman is prone to cross site scripting attacks. This is due to insufficient santization of URI parameters. As a result, attackers may embed malicious script code or HTML into a link to a site running the vulnerable software. If such a link is followed, the attacker-supplied code will be interpreted in the web browser of the victim of the attack. It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible. https://www.yourserver.com:443/mailman/options/yourlist? language=en&email=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>
Exploit Database EDB-ID : 22199

Publication date : 2003-01-23 23h00 +00:00
Author : [email protected]
EDB Verified : Yes

source: https://www.securityfocus.com/bid/6678/info A vulnerability has been discovered in GNU Mailman. The issue occurs to insufficient sanitization of user-supplied data which is output when generating error pages. As a result, attackers may embed malicious script code or HTML into a link to a site running the vulnerable software. If such a link is followed, the attacker-supplied code will be interpreted in the web browser of the victim of the attack. It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible. It has been reported that GNU Mailman 2.0.11 is not affected by this issue. https://www.yourserver.com:443//mailman/options/yourlist? language=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>

Products Mentioned

Configuraton 0

Gnu>>Mailman >> Version 2.1

References

http://marc.info/?l=bugtraq&m=104342745916111
Tags : mailing-list, x_refsource_BUGTRAQ
http://www.osvdb.org/9205
Tags : vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/6677
Tags : vdb-entry, x_refsource_BID
http://www.securitytracker.com/id?1005987
Tags : vdb-entry, x_refsource_SECTRACK
http://www.debian.org/security/2004/dsa-436
Tags : vendor-advisory, x_refsource_DEBIAN