CVE-2010-3089

Related Files

Ubuntu Security Notice USN-1069-1

Posted Feb 22, 2011

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1069-1 - It was discovered that Mailman did not properly sanitize certain fields, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

tags | advisory, remote, vulnerability, xss

systems | linux, ubuntu

advisories | CVE-2010-3089, CVE-2011-0707

SHA-256 | fdba9a23075e131a564baf3270fe1ab05ec54aef3f93be54371d55937b4d212a

Download | Favorite | View

Debian Security Advisory 2170-1

Posted Feb 20, 2011

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2170-1 - Two cross site scripting vulnerabilities were been discovered in Mailman, a web-based mailing list manager. These allowed an attacker to retrieve session cookies via inserting crafted JavaScript into confirmation messages (CVE-2011-0707) and in the list admin interface (CVE-2010-3089; oldstable only).

tags | advisory, web, javascript, vulnerability, xss

systems | linux, debian

advisories | CVE-2010-3089, CVE-2011-0707

SHA-256 | bf4c1ab6425684582dd00c580956547795a061ac12e8a962764fb21a775b50ee

Download | Favorite | View

Mandriva Linux Security Advisory 2010-191

Posted Oct 1, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-191 - Multiple cross-site scripting vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving the list information field or the list description field.

tags | advisory, remote, web, arbitrary, vulnerability, xss

systems | linux, mandriva

advisories | CVE-2010-3089

SHA-256 | 69ac23bb749b1900777ce4b515706762e22cf782817709f51e127d014a70e691

Download | Favorite | View