CVE-2011-0707

Related Files

Mandriva Linux Security Advisory 2011-036

Posted Feb 23, 2011

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-036 - Multiple cross-site scripting vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the username field in a confirmation message.

tags | advisory, remote, web, arbitrary, cgi, vulnerability, xss

systems | linux, mandriva

advisories | CVE-2011-0707

SHA-256 | ea5c67f8416addc10d7426c9a007de08e8c3a2a7563158dfc18282c74b813aa4

Download | Favorite | View

Ubuntu Security Notice USN-1069-1

Posted Feb 22, 2011

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1069-1 - It was discovered that Mailman did not properly sanitize certain fields, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

tags | advisory, remote, vulnerability, xss

systems | linux, ubuntu

advisories | CVE-2010-3089, CVE-2011-0707

SHA-256 | fdba9a23075e131a564baf3270fe1ab05ec54aef3f93be54371d55937b4d212a

Download | Favorite | View

Debian Security Advisory 2170-1

Posted Feb 20, 2011

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2170-1 - Two cross site scripting vulnerabilities were been discovered in Mailman, a web-based mailing list manager. These allowed an attacker to retrieve session cookies via inserting crafted JavaScript into confirmation messages (CVE-2011-0707) and in the list admin interface (CVE-2010-3089; oldstable only).

tags | advisory, web, javascript, vulnerability, xss

systems | linux, debian

advisories | CVE-2010-3089, CVE-2011-0707

SHA-256 | bf4c1ab6425684582dd00c580956547795a061ac12e8a962764fb21a775b50ee

Download | Favorite | View