Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2011:0307
The remote host is missing updates announced in
advisory RHSA-2011:0307.

Mailman is a program used to help manage email discussion lists.

Multiple input sanitization flaws were found in the way Mailman displayed
usernames of subscribed users on certain pages. If a user who is subscribed
to a mailing list were able to trick a victim into visiting one of those
pages, they could perform a cross-site scripting (XSS) attack against the
victim. (CVE-2011-0707)

Multiple input sanitization flaws were found in the way Mailman displayed
mailing list information. A mailing list administrator could use this flaw
to conduct a cross-site scripting (XSS) attack against victims viewing a
list's listinfo page. (CVE-2008-0564, CVE-2010-3089)

Red Hat would like to thank Mark Sapiro for reporting the CVE-2011-0707 and
CVE-2010-3089 issues.

Users of mailman should upgrade to this updated package, which contains
backported patches to correct these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Medium

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-0564
BugTraq ID: 27630
Bugtraq: 20080215 rPSA-2008-0056-1 mailman (Google Search)
SuSE Security Announcement: SUSE-SR:2008:017 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2010-3089
Debian Security Information: DSA-2170 (Google Search)
SuSE Security Announcement: SUSE-SR:2011:009 (Google Search)
SuSE Security Announcement: openSUSE-SU-2011:0424 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2011-0707
BugTraq ID: 46464
XForce ISS Database: mailman-fullname-xss(65538)
CopyrightCopyright (c) 2011 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.