Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.
Software | From | Fixed in |
---|---|---|
gnu / mailman | 1.0 | 1.0.x |
gnu / mailman | 1.1 | 1.1.x |
gnu / mailman | 2.0 | 2.0.x |
gnu / mailman | 2.0-beta3 | 2.0-beta3.x |
gnu / mailman | 2.0-beta4 | 2.0-beta4.x |
gnu / mailman | 2.0-beta5 | 2.0-beta5.x |
gnu / mailman | 2.0.1 | 2.0.1.x |
gnu / mailman | 2.0.10 | 2.0.10.x |
gnu / mailman | 2.0.11 | 2.0.11.x |
gnu / mailman | 2.0.12 | 2.0.12.x |
gnu / mailman | 2.0.13 | 2.0.13.x |
gnu / mailman | 2.0.2 | 2.0.2.x |
gnu / mailman | 2.0.3 | 2.0.3.x |
gnu / mailman | 2.0.4 | 2.0.4.x |
gnu / mailman | 2.0.5 | 2.0.5.x |
gnu / mailman | 2.0.6 | 2.0.6.x |
gnu / mailman | 2.0.7 | 2.0.7.x |
gnu / mailman | 2.0.8 | 2.0.8.x |
gnu / mailman | 2.0.9 | 2.0.9.x |
gnu / mailman | 2.1 | 2.1.x |
gnu / mailman | 2.1.1 | 2.1.1.x |
gnu / mailman | 2.1.2 | 2.1.2.x |
gnu / mailman | 2.1.3 | 2.1.3.x |
gnu / mailman | 2.1.4 | 2.1.4.x |
gnu / mailman | 2.1b1 | 2.1b1.x |