fml Mailing List HTML Injection Vulnerability

The fml Mailing List Server is a collection of Perl scripts providing mailing list administration functionality for Linux and other systems. It includes support for a web-based archive.

When index pages are created for these archives, the characters < and > are not properly escaped in email subject lines. This could lead to the injection of additional HTML tags, including the possibility of cross-site scripting attacks.

Earlier versions of fml may share this vulnerability.
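
The escaping gap described above, shown beside a hardened form. This is an added example, not fml source code; the function names, link names and sample subjects are constructed for illustration. It goes slightly beyond the advisory by also escaping &, quotes, and subjects that arrive as RFC 2047 encoded-words.

```perl
#!/usr/bin/perl
# Added example (not fml source code): building one archive index entry.
use strict;
use warnings;
use Encode qw(decode);
use MIME::Base64 qw(encode_base64);

binmode(STDOUT, ':encoding(UTF-8)');

# Escape characters that are significant in HTML text and attribute values.
# '&' is replaced first so the entities produced below are not re-escaped.
sub escape_html {
    my ($text) = @_;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# Behaviour described in the advisory: the subject is copied in as-is.
sub index_entry_unescaped {
    my ($href, $subject) = @_;
    return qq{<li><a href="$href">$subject</a></li>};
}

# Hardened form: decode encoded-words first, then escape the decoded text,
# so markup carried inside an encoded subject is neutralised as well.
sub index_entry_escaped {
    my ($href, $raw_subject) = @_;
    my $subject = decode('MIME-Header', $raw_subject);
    return sprintf '<li><a href="%s">%s</a></li>',
        escape_html($href), escape_html($subject);
}

# Constructed sample subject lines (hypothetical).
my @subjects = (
    'Re: meeting notes',
    'patch <b>review</b> & "fixes"',
    '=?UTF-8?B?' . encode_base64('<b>hidden</b>', '') . '?=',
);

for my $i (0 .. $#subjects) {
    my $href = "msg$i.html";    # hypothetical archive file name
    print 'unescaped: ', index_entry_unescaped($href, $subjects[$i]), "\n";
    print 'escaped:   ', index_entry_escaped($href, $subjects[$i]), "\n";
}
```

The order in the hardened function matters: escaping before decoding would leave the decoded < and > untouched in the generated index page.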

Copyright 2010, SecurityFocus