saw this on bugtraq, figured it was a good idea to relay here. MJM
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 24, 2003 9:35 AM
Subject: [ham] Mailman: cross-site scripting bug

>
>
> Product: Mailman
> Affected Version: 2.1, no other version has been tested
> Vendor's URL: http://www.gnu.org/software/mailman/
> Solution: TBC
> Author: Manuel Rodriguez
>
> Introduction:
> ------------
> Mailman is software to help manage electronic mail discussion lists, much
> like Majordomo or Smartmail. And Mailman has web interface systems.
>
>
> Example:
> -----------------
> This is a simple example for version 2.1:
>
> 1) With mailman options the email variable is vulnerable to cross-site
> scripting.
>
> You can recognise the vulnerabilities with this type of URL:
>
> https://www.yourserver.com:443/mailman/options/yourlist?
> language=en&email=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>
> and that proves that any (malicious) script code is possible on the web
> interface part of Mailman.
>
> 2) The default error page mailman generates does not adequately filter its
> input making it susceptible to cross-site scripting.
>
> https://www.yourserver.com:443//mailman/options/yourlist?
> language=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>
>

_______________________________________________
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-developers
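
The two reflection points in the advisory (the email value on the options page and the language value on the error page), sketched as an added example that is not Mailman's code and not part of the original message. The handler names, the language allowlist and the lists.example.org URLs are assumptions made for illustration; it shows the unescaped rendering beside the output-encoded one, with a regression check.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Hypothetical allowlist; a real deployment would use its installed language codes.
KNOWN_LANGUAGES = {"en", "es", "fr", "de"}

def _params(url):
    """Return the first value of each query parameter, URL-decoded."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: values[0] for name, values in query.items()}

def render_unsafe(url):
    """The flaw class reported: request values copied into HTML verbatim."""
    p = _params(url)
    lang = p.get("language", "en")
    if lang not in KNOWN_LANGUAGES:
        return "<p>Unknown language: %s</p>" % lang
    return '<input name="email" value="%s">' % p.get("email", "")

def render_safe(url):
    """Same page logic with output encoding at both sinks."""
    p = _params(url)
    lang = p.get("language", "en")
    if lang not in KNOWN_LANGUAGES:
        # Escape on the error path too; the error page is also a sink.
        return "<p>Unknown language: %s</p>" % html.escape(lang, quote=True)
    # quote=True also encodes " and ', so the value cannot leave the attribute.
    email = html.escape(p.get("email", ""), quote=True)
    return '<input name="email" value="%s">' % email

def reflects_markup(page, marker="<SCRIPT>"):
    """Regression check: did the raw marker survive into the response body?"""
    return marker.lower() in page.lower()

# Constructed test inputs modelled on the two URL shapes in the advisory.
BASE = "https://lists.example.org/mailman/options/yourlist?"
PROBE = "%3CSCRIPT%3Ealert('x')%3C/SCRIPT%3E"
EMAIL_CASE = BASE + "language=en&email=" + PROBE
LANG_CASE = BASE + "language=" + PROBE

if __name__ == "__main__":
    for url in (EMAIL_CASE, LANG_CASE):
        print("unsafe reflects:", reflects_markup(render_unsafe(url)),
              "| safe reflects:", reflects_markup(render_safe(url)))
```

The same reflects_markup check can be run against responses from a test instance after a fix is deployed, once for each parameter named in the advisory.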
