Vulnerabilities > CVE-2006-1712 - Unspecified vulnerability in GNU Mailman 2.1.7

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
gnu
nessus

Summary

Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.

Vulnerable Configurations

Part Description Count
Application
Gnu
1

Nessus

NASL familyFreeBSD Local Security Checks
NASL idFREEBSD_PKG_8BE2E304CCE611DAA3B100123FFE8333.NASL
descriptionSecunia reports : A vulnerability has been reported in Mailman, which can be exploited by malicious people to conduct cross-site scripting attacks. Unspecified input passed to the private archive script is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user
last seen2020-06-01
modified2020-06-02
plugin id21469
published2006-05-13
reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/21469
titleFreeBSD : mailman -- Private Archive Script XSS (8be2e304-cce6-11da-a3b1-00123ffe8333)