Description
Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.
Remediation
References