Vulnerabilities > GNU > Mailman > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-24 | CVE-2020-15011 | Injection vulnerability in multiple products GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. | 2.6 |
2018-07-26 | CVE-2018-0618 | Cross-site Scripting vulnerability in multiple products Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2006-09-07 | CVE-2006-4624 | Code Injection vulnerability in GNU Mailman CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI. | 2.6 |
2002-06-18 | CVE-2002-0389 | Unspecified vulnerability in GNU Mailman Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives. | 2.1 |