Security
Security
Mailman is vulnerable to cross-site scripting attacks.
| Package | net-mail/mailman on all architectures |
|---|---|
| Affected versions | < 2.1.5-r3 |
| Unaffected versions | >= 2.1.5-r3 |
Mailman is a Python-based mailing list server with an extensive web interface.
Florian Weimer has discovered a cross-site scripting vulnerability in the error messages that are produced by Mailman.
By enticing a user to visiting a specially-crafted URL, an attacker can execute arbitrary script code running in the context of the victim's browser.
There is no known workaround at this time.
All Mailman users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r3"
Release date
January 22, 2005
Latest revision
January 22, 2005: 01
Severity
low
Exploitable
remote
Bugzilla entries