GHSA-rh6c-jh4c-9fg3

Source
https://github.com/advisories/GHSA-rh6c-jh4c-9fg3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-rh6c-jh4c-9fg3/GHSA-rh6c-jh4c-9fg3.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-rh6c-jh4c-9fg3
Aliases
  • CVE-2004-1177
Published
2022-04-29T02:59:06Z
Modified
2024-11-28T05:43:35.218272Z
Summary
mailman Cross-site scripting (XSS) vulnerability
Details

Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.

Database specific
{
    "nvd_published_at": "2005-01-10T05:00:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-18T22:51:56Z"
}
References

Affected packages

PyPI / mailman

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.1.5

Affected versions

3.*

3.0.0b3-