Joined: 25 Feb 2003
Location: Essen, Germany
|Posted: Sat Jan 22, 2005 7:49 am Post subject: [ GLSA 200501-29 ] Mailman: Cross-site scripting vulnerabili
|Gentoo Linux Security Advisory
Title: Mailman: Cross-site scripting vulnerability (GLSA 200501-29)
Date: January 22, 2005
Mailman is vulnerable to cross-site scripting attacks.
Mailman is a Python-based mailing list server with an extensive web interface.
Vulnerable: < 2.1.5-r3
Unaffected: >= 2.1.5-r3
Architectures: All supported architectures
Florian Weimer has discovered a cross-site scripting vulnerability in the error messages that are produced by Mailman.
By enticing a user to visiting a specially-crafted URL, an attacker can execute arbitrary script code running in the context of the victim's browser.
There is no known workaround at this time.
All Mailman users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r3"
Last edited by GLSA on Tue Aug 29, 2006 4:17 am; edited 3 times in total