GNU Mailman Admin Page Multiple Cross-Site Scripting Vulnerabilities

Multiple cross-site scripting vulnerabilities were reported to exist in the administrative pages for GNU Mailman. These issues would likely be exploitable by enticing an administrative user to follow a malicious link with hostile HTML and script code embedded in it.

Exploitation would likely result in theft of administrative cookie-based authentication credentials. Other attacks would also be possible.


Privacy Statement
Copyright 2010, SecurityFocus