| Max CVSS | 4.3 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-12137 | 4.3 |
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type,
|
16-11-2022 - 03:14 | 24-04-2020 - 13:15 | |
| CVE-2018-13796 | 4.3 |
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
|
06-05-2020 - 20:15 | 12-07-2018 - 18:29 | |
| CVE-2018-0618 | 3.5 |
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
|
06-05-2020 - 20:15 | 26-07-2018 - 17:29 |