GNU Mailman Admin Login Cross-Site Scripting Vulnerability

info
discussion
exploit
solution
references

GNU Mailman Admin Login Cross-Site Scripting Vulnerability

GNU Mailman is prone to a cross-site scripting vulnerability. An attacker may construct a malicious link to the administrative login page, which contains arbitrary HTML and script code.

A user visiting the link will have the attacker's script code executed in their web browser in the context of the site running the vulnerable software.