[Mailman-Users] Possible XSS in Mailman 2.1.4
Ho Yin Au
hya at bluesite.com
Sat Feb 21 23:35:15 CET 2004
I think I've stumbled on a possible Cross-Site-Scripting vulnerability
in Mailman 2.1.4. Take a look:

* Set up a new list and configure it with private archives
* Try to view the archives - enter something like <script
EMail Address box. Click on "Let me in."

On a side note, is it possible for that page to not reveal any sensitive
information such as path and environmental variables?
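
The two concerns raised in the post above, as an added example that is not part of the original message and is not Mailman's own code: a login form that echoes the submitted address raw beside one that escapes it, and an error page that keeps paths and environment variables in the server log. The form field names, the `authenticate` callable and the sample input are assumptions made for illustration.

```python
import html
import logging
import uuid

log = logging.getLogger("archive_login")

# Constructed sample input, in the spirit of the "<script" value in the report.
SAMPLE = '"><script>alert(1)</script>'

# Hypothetical private-archive login form; field names are assumptions.
FORM = ('<form method="post">'
        '<input type="text" name="username" value="{email}">'
        '<input type="password" name="password">'
        '<input type="submit" value="Let me in"></form>')


def render_login_unsafe(email):
    # "Before": the submitted address is echoed back into the page as-is.
    return FORM.format(email=email)


def render_login(email):
    # "After": escape for an HTML attribute context; quote=True also
    # escapes " and ', so the value cannot close the attribute.
    return FORM.format(email=html.escape(email, quote=True))


def render_error(exc, environ):
    # Exception text and request environment go to the server log only.
    ref = uuid.uuid4().hex[:12]
    log.error("ref=%s error=%r environ=%r", ref, exc, environ)
    # The visitor gets a reference to quote to the list administrator.
    return "<h1>Error</h1><p>Something went wrong. Reference: {}</p>".format(ref)


def handle_login(email, environ, authenticate):
    # authenticate is a caller-supplied callable (hypothetical) returning a bool.
    try:
        if authenticate(email):
            return "<p>Welcome</p>"
        return render_login(email)
    except Exception as exc:
        return render_error(exc, environ)
```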