GNU Mailman Cross-Site Scripting Vulnerability

GNU Mailman is a freely available, open-source mailing list manager written in Python and C. It runs on Linux and other Unix-based systems.

Mailman is prone to cross-site scripting attacks. It is possible to include malicious script code in a link to a site running Mailman. When a web user clicks the maliciously constructed link, the script code will be executed in the context of the Mailman site.

This vulnerability might be exploited to collect information about a web user or to possibly gain access to cookie-based authentication credentials.


Privacy Statement
Copyright 2010, SecurityFocus