[Mailman-Developers] Security - XSS JavaScript and SQL injection in Mailman, Postorius and Hyperkitty
Barry Warsaw
barry at list.org
Fri Feb 6 00:18:09 CET 2015
On Feb 06, 2015, at 09:22 AM, Andrew Stuart wrote:
>Does the code of Mailman 3, Hyperkitty and Postorius do anything to address
>concerns around SQL and JavaScript injections, either from inbound emails or
>via the fields coming in via web interface or REST API?
The core does not. It doesn't expose a public web or REST interface.
I'm not aware of any email command vulnerabilities.
Cheers,
-Barry
More information about the Mailman-Developers
mailing list