23 Jul
2018
23 Jul
'18
12:17 p.m.
** Description changed: A URL with a very long text listname such as http://www.example.com/mailman/listinfo/This_is_a_long_string_with_some_phis... will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site. + + This issue was discovered by Hammad Qureshi + <Hammad.Qureshi@dig8labs.com>. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1780874 Title: Arbitrary text injection vulnerability in Mailman CGIs To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1780874/+subscriptions