Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2010:191 | First vendor Publication | 2010-10-01 |
| Vendor | Mandriva | Last vendor Modification | 2010-10-01 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:S/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 3.5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple vulnerabilities has been found and corrected in mailman: Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field (CVE-2010-3089). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:191 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-07-30 | Name : CentOS Update for mailman CESA-2011:0307 centos5 x86_64 File : nvt/gb_CESA-2011_0307_mailman_centos5_x86_64.nasl |
| 2012-07-09 | Name : RedHat Update for mailman RHSA-2011:0308-01 File : nvt/gb_RHSA-2011_0308-01_mailman.nasl |
| 2011-08-26 | Name : Mac OS X v10.6.6 Multiple Vulnerabilities (2011-001) File : nvt/secpod_macosx_su11-001.nasl |
| 2011-08-09 | Name : CentOS Update for mailman CESA-2011:0307 centos5 i386 File : nvt/gb_CESA-2011_0307_mailman_centos5_i386.nasl |
| 2011-03-24 | Name : Fedora Update for mailman FEDORA-2011-2102 File : nvt/gb_fedora_2011_2102_mailman_fc14.nasl |
| 2011-03-24 | Name : Fedora Update for mailman FEDORA-2011-2125 File : nvt/gb_fedora_2011_2125_mailman_fc13.nasl |
| 2011-03-09 | Name : Debian Security Advisory DSA 2170-1 (mailman) File : nvt/deb_2170_1.nasl |
| 2011-03-07 | Name : CentOS Update for mailman CESA-2011:0307 centos4 i386 File : nvt/gb_CESA-2011_0307_mailman_centos4_i386.nasl |
| 2011-03-07 | Name : RedHat Update for mailman RHSA-2011:0307-01 File : nvt/gb_RHSA-2011_0307-01_mailman.nasl |
| 2011-02-28 | Name : Ubuntu Update for mailman vulnerabilities USN-1069-1 File : nvt/gb_ubuntu_USN_1069_1.nasl |
| 2010-12-28 | Name : Fedora Update for mailman FEDORA-2010-14834 File : nvt/gb_fedora_2010_14834_mailman_fc14.nasl |
| 2010-12-28 | Name : Fedora Update for mailman FEDORA-2010-14877 File : nvt/gb_fedora_2010_14877_mailman_fc13.nasl |
| 2010-11-17 | Name : FreeBSD Ports: mailman File : nvt/freebsd_mailman8.nasl |
| 2010-10-04 | Name : Mandriva Update for mailman MDVSA-2010:191 (mailman) File : nvt/gb_mandriva_MDVSA_2010_191.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 68035 | Mailman listinfo.py List Description Field XSS Mailman contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'List Description' Field upon submission to the 'listinfo.py' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 68032 | Mailman HTMLFormatter.py List Description Field XSS Mailman contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'List Description' Field upon submission to the 'HTMLFormatter.py' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_mailman-110331.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0308.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0307.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110301_mailman_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110301_mailman_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mailman-7484.nasl - Type : ACT_GATHER_INFO |
| 2011-05-19 | Name : A web application on the remote host has multiple cross-site scripting vulner... File : mailman_2_1_14.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_mailman-110426.nasl - Type : ACT_GATHER_INFO |
| 2011-05-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mailman-7489.nasl - Type : ACT_GATHER_INFO |
| 2011-05-02 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_mailman-110426.nasl - Type : ACT_GATHER_INFO |
| 2011-03-22 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_6_7.nasl - Type : ACT_GATHER_INFO |
| 2011-03-22 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-001.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-0307.nasl - Type : ACT_GATHER_INFO |
| 2011-03-02 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-0307.nasl - Type : ACT_GATHER_INFO |
| 2011-03-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0308.nasl - Type : ACT_GATHER_INFO |
| 2011-02-23 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1069-1.nasl - Type : ACT_GATHER_INFO |
| 2011-02-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2170.nasl - Type : ACT_GATHER_INFO |
| 2010-12-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-14834.nasl - Type : ACT_GATHER_INFO |
| 2010-12-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-14877.nasl - Type : ACT_GATHER_INFO |
| 2010-11-04 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4ab29e12e78711dfadfa00e0815b8da8.nasl - Type : ACT_GATHER_INFO |
| 2010-10-06 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-191.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:41:45 |
|
