FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-0707

This CVE name corresponds to:

Entered Topic
2011-03-10 mailman -- XSS vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2011-0707
Phase Assigned (20110131)

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.

References

Source Reference
MLIST [mailman-announce] 20110213 Mailman Security Patch Announcement
MLIST [mailman-announce] 20110218 Mailman Security Patch Announcement
CONFIRM http://support.apple.com/kb/HT5002
APPLE APPLE-SA-2011-10-12-3
DEBIAN DSA-2170
FEDORA FEDORA-2011-2030
FEDORA FEDORA-2011-2102
FEDORA FEDORA-2011-2125
MANDRIVA MDVSA-2011:036
REDHAT RHSA-2011:0307
REDHAT RHSA-2011:0308
SUSE SUSE-SR:2011:009
SUSE openSUSE-SU-2011:0424
UBUNTU USN-1069-1
BID 46464
OSVDB 70936
SECTRACK 1025106
SECUNIA 43294
SECUNIA 43389
SECUNIA 43425
SECUNIA 43549
SECUNIA 43580
SECUNIA 43829
VUPEN ADV-2011-0435
VUPEN ADV-2011-0436
VUPEN ADV-2011-0460
VUPEN ADV-2011-0487
VUPEN ADV-2011-0542
VUPEN ADV-2011-0720
XF mailman-fullname-xss(65538)