Vulnerability-Lookup

FKIE_CVE-2003-0038

Vulnerability from fkie_nvd - Published: 2003-02-07 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.

References

URL	Tags
cve@mitre.org	http://marc.info/?l=bugtraq&m=104342745916111
cve@mitre.org	http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt	Patch
cve@mitre.org	http://www.debian.org/security/2004/dsa-436	Patch, Vendor Advisory
cve@mitre.org	http://www.osvdb.org/9205
cve@mitre.org	http://www.securityfocus.com/bid/6677
cve@mitre.org	http://www.securitytracker.com/id?1005987
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/11152
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=104342745916111
af854a3a-2127-422b-91ae-364da2661108	http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2004/dsa-436	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/9205
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/6677
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1005987
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/11152

Impacted products

	Vendor	Product	Version
	gnu	mailman	2.1

JSON

To clipboard Create KEV Entry

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D6A976-FFEA-4DB6-B002-8036E778C78E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en options.py en Mailman 2.1 y anteriores permite a atacantes remotos inyectar script o HTML en p\u00e1ginas web mediante correo electr\u00f3nico o par\u00e1metros de lenguaje."
    }
  ],
  "id": "CVE-2003-0038",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-02-07T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104342745916111"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-436"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/9205"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6677"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1005987"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104342745916111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2004/dsa-436"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/9205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6677"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1005987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11152"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2003-0038 (GCVE-0-2003-0038)

Vulnerability from cvelistv5 – Published: 2003-01-29 05:00 – Updated: 2024-08-08 01:43

Summary

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://marc.info/?l=bugtraq&m=104342745916111	mailing-listx_refsource_BUGTRAQ
	http://www.osvdb.org/9205	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/6677	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id?1005987	vdb-entryx_refsource_SECTRACK
	http://telia.dl.sourceforge.net/sourceforge/mailm…	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.debian.org/security/2004/dsa-436	vendor-advisoryx_refsource_DEBIAN

Show details on NVD website

JSON

To clipboard Create KEV Entry

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:43:35.359Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20030124 Mailman: cross-site scripting bug",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104342745916111"
          },
          {
            "name": "9205",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/9205"
          },
          {
            "name": "6677",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6677"
          },
          {
            "name": "1005987",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1005987"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt"
          },
          {
            "name": "mailman-email-variable-xss(11152)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11152"
          },
          {
            "name": "DSA-436",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-436"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-01-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20030124 Mailman: cross-site scripting bug",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104342745916111"
        },
        {
          "name": "9205",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/9205"
        },
        {
          "name": "6677",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6677"
        },
        {
          "name": "1005987",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1005987"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt"
        },
        {
          "name": "mailman-email-variable-xss(11152)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11152"
        },
        {
          "name": "DSA-436",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-436"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0038",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030124 Mailman: cross-site scripting bug",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104342745916111"
            },
            {
              "name": "9205",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/9205"
            },
            {
              "name": "6677",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6677"
            },
            {
              "name": "1005987",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1005987"
            },
            {
              "name": "http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt",
              "refsource": "CONFIRM",
              "url": "http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt"
            },
            {
              "name": "mailman-email-variable-xss(11152)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11152"
            },
            {
              "name": "DSA-436",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-436"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0038",
    "datePublished": "2003-01-29T05:00:00",
    "dateReserved": "2003-01-27T00:00:00",
    "dateUpdated": "2024-08-08T01:43:35.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2003-0038

CVE-2003-0038 (GCVE-0-2003-0038)

Tags

Sightings

Nomenclature