CVE-2011-0707
CVE-2011-0707
Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-March/056363.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-March/056387.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-March/056399.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlhttp://lists.opensuse.org/opensuse-updates/2011-05/msg00000.htmlhttp://mail.python.org/pipermail/mailman-announce/2011-February/000157.htmlhttp://mail.python.org/pipermail/mailman-announce/2011-February/000158.htmlhttp://osvdb.org/70936http://secunia.com/advisories/43294http://secunia.com/advisories/43389http://secunia.com/advisories/43425