CVE-ID

CVE-2002-0855

Description
Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20020813
Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20030325-01)
Votes (Legacy)
ACCEPT(3) Baker, Cole, Wall
MODIFY(2) Cox, Frech
NOOP(2) Christey, Foat
Comments (Legacy)
 Cox> ADDREF:REDHAT:RHSA-2002:181
 Frech> XF:mailman-subscription-option-xss(9985)
 Christey> Add to desc: "via the (1) adminpw or (2) info parameters to
   the ml-name feature."
   ADDREF CONECTIVA:CLA-2002:522
   
   It's not clear whether DEBIAN:DSA-147-2 addresses this issue
   in addition to, or instead of, CVE-2002-0388
 Christey> BID:5298
   
   Debian (Joey) has confirmed that DSA-147 also addresses this
   issue.

Proposed (Legacy)
20020830
This is an entry on the CVE list, which standardizes names for security problems.