[Bug 1780874] Re: Arbitrary text injection vulnerability in Mailman CGIs

Mark Sapiro mark at msapiro.net
Mon Jul 23 15:17:09 EDT 2018

** Description changed:

  A URL with a very long text listname such as
  will echo the text in the "No such list" error response. This can be
  used to make a potential victim think the phishing text comes from a
  trusted site.
+ This issue was discovered by Hammad Qureshi
+ <Hammad.Qureshi at dig8labs.com>.

You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.

  Arbitrary text injection vulnerability in Mailman CGIs

To manage notifications about this bug go to:

More information about the Mailman-coders mailing list