OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

mailman -- cross-site scripting vulnerability

Affected packages
mailman < 2.1.5p1

Details

VuXML ID d47b6772-6f81-11d9-909c-080020fe8945
Discovery 2005-01-12
Entry 2005-01-26

Florian Weimer has discovered a cross-site scripting vulnerability in the error messages that are produced by Mailman.

By enticing a user to visiting a specially-crafted URL, an attacker can execute arbitrary script code running in the context of the victim's browser

References

CVE Name CAN-2004-1177
URL http://secunia.com/advisories/13603

Copyright © 2003-2005 Jacques Vidrine, Robert Nagy, and contributors.
Please see the source of this document for full copyright information.