Description

Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.

Remediation

References

CVE-2011-0707

Related Vulnerabilities

MySQL CVE-2017-3649 Vulnerability (CVE-2017-3649)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.36)

WordPress Plugin Premmerce Permalink Manager for WooCommerce Local File Inclusion (2.3.10)

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-3220)

Oracle JRE CVE-2013-2470 Vulnerability (CVE-2013-2470)

Severity

Medium

Classification

CVE-2011-0707 CWE-707

Tags

Missing Update Known Vulnerabilities