Rapid7 Vulnerability & Exploit Database

SUSE-SR:2005:002:vuln7: cross site scripting and weak passwords in mailman

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE-SR:2005:002:vuln7: cross site scripting and weak passwords in mailman

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

01/26/2005

Created

07/25/2018

Added

01/10/2006

Modified

11/18/2015

Description

Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.

Solution(s)

References

https://attackerkb.com/topics/cve-2004-1177
CVE - 2004-1177
DSA-674
MDKSA-2005:015
OVAL11113
RHSA-2005:235
SUSE-SA:2005:007
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287555
http://marc.theaimsgroup.com/?l=bugtraq&m=110549296126351&w=2
http://www.novell.com/linux/security/advisories/2005_02_sr.html
18854

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;