Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Date: Fri Jan 24 2003 - 08:35:07 CST
('binary' encoding is not supported, stored as-is)
Affected Version: 2.1 not other version has been tested
Vendor's URL: http://www.gnu.org/software/mailman/
Author: Manuel Rodriguez
Mailman is software to help manage electronic mail discussion lists, much
like Majordomo or Smartmail. And Mailman have web interface systems.
This is a simple example for version 2.1:
1) With mailman options the email variable is vulnerable to cross-site
You can recognise the vulnerabilities with this type of URL:
and that prove that any (malicious) script code is possible on web
interface part of Mailman.
2) The default error page mailman generates does not adequately filter its
input making it susceptible to cross-site scripting.