CVE-2011-0707
Published: 18 February 2011
Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.
Priority
Status
Package | Release | Status |
---|---|---|
mailman (Launchpad, Ubuntu, Debian) | upstream | Needs triage |
mailman | dapper | Released (2.1.5-9ubuntu4.4) |
mailman | hardy | Released (1:2.1.9-9ubuntu1.4) |
mailman | karmic | Released (1:2.1.12-2ubuntu0.2) |
mailman | lucid | Released (1:2.1.13-1ubuntu0.2) |
mailman | maverick | Released (1:2.1.13-4ubuntu0.2) |

Patches: upstream: http://mail.python.org/pipermail/mailman-announce/2011-February/000158.html