Product: Mailman

Affected Version: 2.1 not other version has been tested

Vendor's URL: http://www.gnu.org/software/mailman/

Solution: TBC

Author: Manuel Rodriguez

Introduction:

------------

Mailman is software to help manage electronic mail discussion lists, much

like Majordomo or Smartmail. And Mailman have web interface systems.

Example:

-----------------

This is a simple example for version 2.1:

1) With mailman options the email variable is vulnerable to cross-site

scripting.

You can recognise the vulnerabilities with this type of URL:

https://www.yourserver.com:443/mailman/options/yourlist?

language=en&email=<SCRIPT>alert('Can%20Cross%20Site%20Attack')<
/SCRIPT>

and that prove that any (malicious) script code is possible on web

interface part of Mailman.

2) The default error page mailman generates does not adequately filter its

input making it susceptible to cross-site scripting.

https://www.yourserver.com:443//mailman/options/yourlist?

language=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT&g
t;

[ reply ]