[Bug 1780874] Re: Arbitrary text injection vulnerability in Mailman CGIs

Mark Sapiro mark at msapiro.net
Mon Jul 23 15:17:09 EDT 2018


** Description changed:

  A URL with a very long text listname such as
  
  http://www.example.com/mailman/listinfo/This_is_a_long_string_with_some_phishing_text
  
  will echo the text in the "No such list" error response. This can be
  used to make a potential victim think the phishing text comes from a
  trusted site.
+ 
+ This issue was discovered by Hammad Qureshi
+ <Hammad.Qureshi at dig8labs.com>.

-- 
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1780874

Title:
  Arbitrary text injection vulnerability in Mailman CGIs

To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1780874/+subscriptions


More information about the Mailman-coders mailing list