CVE-2010-3089 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.
Reference
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html
http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html
http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html
http://marc.info/?l=oss-security&m=128438736513097&w=2
http://marc.info/?l=oss-security&m=128440851513718&w=2
http://marc.info/?l=oss-security&m=128441135117819&w=2
http://marc.info/?l=oss-security&m=128441237618793&w=2
http://marc.info/?l=oss-security&m=128441369020123&w=2
http://secunia.com/advisories/41265
http://secunia.com/advisories/42502
http://secunia.com/advisories/43294
http://secunia.com/advisories/43425
http://secunia.com/advisories/43549
http://secunia.com/advisories/43580
http://support.apple.com/kb/HT4581
http://www.debian.org/security/2011/dsa-2170
http://www.redhat.com/support/errata/RHSA-2011-0307.html
http://www.redhat.com/support/errata/RHSA-2011-0308.html
http://www.ubuntu.com/usn/USN-1069-1
http://www.vupen.com/english/advisories/2010/3271
http://www.vupen.com/english/advisories/2011/0436
http://www.vupen.com/english/advisories/2011/0460
http://www.vupen.com/english/advisories/2011/0542
https://bugzilla.redhat.com/show_bug.cgi?id=631859
https://bugzilla.redhat.com/show_bug.cgi?id=631881
https://launchpad.net/mailman/+milestone/2.1.14rc1