CVE-2011-5024

Published Dec 29, 2011

Last updated 9 months ago

Overview

Description: Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.0.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78F2FB70-7EB9-4AA7-9E85-C151C3CC8104"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1D6A976-FFEA-4DB6-B002-8036E778C78E"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8894855-E303-4B55-B3BC-DCBE3A0AB703"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B1500D8-952A-46C6-920C-096760C36A43"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "503D7346-4891-40B1-A0CD-0FACC5359431"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "643610C6-99A9-43C9-A8FC-463A244C08DE"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A34CBFC5-CB18-4FE4-9B4D-F3280CBCCD6C"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA788EB3-E162-4752-984D-5601A8C6C770"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2571330-3239-469E-883D-8994257D0C55"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F27323B-6B10-4941-B20B-187562797D44"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "890FEDE2-474A-4870-9165-CAD39BC6D318"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.1.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1C7EEDB-5794-419A-8E61-137DB76A4E15"
          },
          {
            "criteria": "cpe:2.3:a:gnu:mailman:2.1.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F7A3B58-4038-41AE-A42E-BE743A14D5A2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References