Moderate severityNVD Advisory· Published Feb 7, 2003· Updated Apr 16, 2026

CVE-2003-0038

Description

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
mailmanPyPI	< 2.1.1	2.1.1

Affected products

GNU/Mailman
cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txtnvdPatchWEB
www.debian.org/security/2004/dsa-436nvdPatchVendor AdvisoryWEB
github.com/advisories/GHSA-82rm-28q9-435pghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2003-0038ghsaADVISORY
marc.infonvdWEB
www.osvdb.org/9205nvdWEB
www.securityfocus.com/bid/6677nvdWEB
www.securitytracker.com/idnvdWEB
exchange.xforce.ibmcloud.com/vulnerabilities/11152nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.009
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000