Vulnerabilities > GNU > Mailman > 2.1.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-06 | CVE-2020-12108 | Injection vulnerability in multiple products /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. | 6.5 |
| 2020-04-24 | CVE-2020-12137 | Cross-site Scripting vulnerability in multiple products GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. | 6.1 |
| 2018-07-26 | CVE-2018-0618 | Cross-site Scripting vulnerability in multiple products Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2018-07-12 | CVE-2018-13796 | Improper Input Validation vulnerability in GNU Mailman An issue was discovered in GNU Mailman before 2.1.28. | 6.5 |
| 2018-01-23 | CVE-2018-5950 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. | 6.1 |
| 2016-09-02 | CVE-2016-6893 | Cross-Site Request Forgery (CSRF) vulnerability in GNU Mailman Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. | 8.8 |