CVE-2003-0038 — mailman - several vulnerabilities

Description

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.

How to fix CVE-2003-0038

To remediate CVE-2003-0038, upgrade the affected package to a fixed version below.

Debian/mailman—upgrade to 2.0.11-1woody7 or later
PyPI/mailman—upgrade to 2.1.1 or later

Is CVE-2003-0038 being exploited?

Moderate — EPSS is 10.6%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

from 0, < 2.0.11-1woody7
from 0, < 2.1.1

References (8)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2003-0038
WEBmarc.info/?l=bugtraq&m=104342745916111
WEBexchange.xforce.ibmcloud.com/vulnerabilities/11152
WEBtelia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt
WEB