Security - XSS JavaScript and SQL injection in Mailman, Postorius and Hyperkitty
Feb. 5, 2015
10:22 p.m.
Does the code of Mailman 3, Hyperkitty and Postorius do anything to address concerns around SQL and JavaScript injections, either from inbound emails or via the fields coming in via web interface or REST API?
thanks
February 2015
11:18 p.m.
New subject: Security - XSS JavaScript and SQL injection in Mailman, Postorius and Hyperkitty
On Feb 06, 2015, at 09:22 AM, Andrew Stuart wrote:
Does the code of Mailman 3, Hyperkitty and Postorius do anything to address concerns around SQL and JavaScript injections, either from inbound emails or via the fields coming in via web interface or REST API?
The core does not. It doesn't expose a public web or REST interface.
I'm not aware of any email command vulnerabilities.
Cheers, -Barry
3645
Age (days ago)
3645
Last active (days ago)
1 comments
2 participants
participants (2)
-
Andrew Stuart -
Barry Warsaw