info
discussion
exploit
solution
references
Sympa New List HTML Injection Vulnerability
An exploit is not required. Example input data for the 'Description' field was provided:
Whatever_you_want<script>alert("Your cookie is " + document.cookie)</script>
Privacy Statement
Copyright 2010, SecurityFocus
