Mailman Multiple Input Validation Vulnerabilities

Mailman is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-input. These issues include multiple cross-site scripting vulnerabilities and a CRLF-injection vulnerability.

A successful exploit of these issues could allow an attacker to steal cookie-based authentication credentials, add additional content to the log file, possibly hide current attacks, or launch phishing-style attacks; other attacks may also be possible.

Versions between 2.1.0 and 2.1.8 are vulnerable to this issue; other versions prior to 2.1.0 may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus