Vulnerability Name:

CVE-2003-0038 (CCN-11152)

Assigned:2003-01-24
Published:2003-01-24
Updated:2017-07-11
Summary:Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Fri Jan 24 2003 - 08:35:07 CST
Mailman: cross-site scripting bug

Source: MITRE
Type: CNA
CVE-2003-0038

Source: BUGTRAQ
Type: UNKNOWN
20030124 Mailman: cross-site scripting bug

Source: CCN
Type: SECTRACK ID: 1005987
Mailman List Software Input Validation Flaw in `email` Variable Allows Remote Users to Conduct Cross-Site Scripting Attacks

Source: CONFIRM
Type: Patch
http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-436

Source: DEBIAN
Type: DSA-436
mailman -- several vulnerabilities

Source: CCN
Type: Gentoo Linux Security Announcement 2003-02-17 09:16 UTC
mailman -- cross site scripting

Source: OSVDB
Type: UNKNOWN
9205

Source: CCN
Type: OSVDB ID: 9205
Mailman options.py email Parameter XSS

Source: BID
Type: UNKNOWN
6677

Source: CCN
Type: BID-6677
GNU Mailman email Cross Site Scripting Vulnerability

Source: SECTRACK
Type: UNKNOWN
1005987

Source: XF
Type: UNKNOWN
mailman-email-variable-xss(11152)

Source: XF
Type: UNKNOWN
mailman-email-variable-xss(11152)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnu:mailman:2.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2003-0038 (CCN-11175)

    Assigned:2003-01-24
    Published:2003-01-24
    Updated:2003-01-24
    Summary:GNU Mailman is vulnerable to cross-site scripting, caused by improper filtering of user-supplied input. A remote attacker could embed malicious script within a URL request, which would be executed in the victim's Web browser within the security context of the hosting site, once the link is clicked and an error page is returned. An attacker could use this vulnerability to steal a victim's cookie-based authentication credentials.
    CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Low
    Availibility (A): None
    CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
    3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
    2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: BugTraq Mailing List, Fri Jan 24 2003 - 08:35:07 CST
    Mailman: cross-site scripting bug

    Source: CCN
    Type: BugTraq Mailing List, Sun Jan 26 2003 - 15:52:32 CST
    Re: Mailman: cross-site scripting bug

    Source: MITRE
    Type: CNA
    CVE-2003-0038

    Source: CCN
    Type: SECTRACK ID: 1005987
    Mailman List Software Input Validation Flaw in `email` Variable Allows Remote Users to Conduct Cross-Site Scripting Attacks

    Source: CCN
    Type: Mailman Web site
    Project: Mailman: File List

    Source: DEBIAN
    Type: DSA-436
    mailman -- several vulnerabilities

    Source: CCN
    Type: Gentoo Linux Security Announcement 2003-02-17 09:16 UTC
    mailman -- cross site scripting

    Source: CCN
    Type: OSVDB ID: 9205
    Mailman options.py email Parameter XSS

    Source: CCN
    Type: BID-6677
    GNU Mailman email Cross Site Scripting Vulnerability

    Source: CCN
    Type: BID-6678
    GNU Mailman Error Page Cross Site Scripting Vulnerability

    Source: XF
    Type: UNKNOWN
    mailman-error-page-xss(11175)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:gnu:mailman:2.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:436
    V
    		several vulnerabilities
    2004-02-08
    BACK
    gnu mailman 2.1
    gnu mailman 2.1
    debian debian linux 3.0
    gentoo linux *