From: Leif Sawyer (lsawyer_at_gci.com)
Date: Fri Jan 24 2003 - 15:32:37 CST
<h2>Error</h2><strong>Invalid options to CGI script.</strong>
2.0.11 doesn't seem to be vulnerable to this.
(although it's got some other issues, but nothing serious for an
> -----Original Message-----
> From: webmasterprocheckup.com [mailto:webmasterprocheckup.com]
> Sent: Friday, January 24, 2003 5:35 AM
> To: bugtraqsecurityfocus.com
> Subject: Mailman: cross-site scripting bug
> Product: Mailman
> Affected Version: 2.1 (no other version has been tested)
> Vendor's URL: http://www.gnu.org/software/mailman/
> Solution: TBC
> Author: Manuel Rodriguez
> Mailman is software to help manage electronic mail discussion lists, much
> like Majordomo or Smartmail. And Mailman has web interface systems.
> This is a simple example for version 2.1:
> 1) With mailman options the email variable is vulnerable to
> You can recognise the vulnerabilities with this type of URL:
> and that proves that any (malicious) script code is possible on the web
> interface part of Mailman.
> 2) The default error page Mailman generates does not adequately filter its
> input, making it susceptible to cross-site scripting.
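Added example, not part of the original posts and not Mailman's own code: a sketch of the bug class both numbered points describe, a CGI error page that echoes the email parameter, shown next to the escaped form with a reflection check usable as a regression test. The handler names, message text and probe values are constructed for illustration.

```python
import html
from urllib.parse import parse_qs, urlencode

# Hypothetical error template; the wording is constructed, not Mailman's.
TEMPLATE = "<h2>Error</h2><strong>Unknown address: %s</strong>"


def error_page_unescaped(query_string):
    """'Before' form: the email parameter is written into the page as-is."""
    email = parse_qs(query_string).get("email", [""])[0]
    return TEMPLATE % email


def error_page_escaped(query_string):
    """Hardened form: every request-derived value is HTML-escaped on output."""
    email = parse_qs(query_string).get("email", [""])[0]
    return TEMPLATE % html.escape(email, quote=True)


def reflected_params(render, names):
    """Return the parameter names whose markup probe comes back unescaped.

    For each name, a harmless constructed probe containing markup is sent
    through the renderer; if the probe appears verbatim in the page, the
    renderer did not filter that input.
    """
    hits = []
    for name in names:
        probe = "<i>%s-probe</i>@example.org" % name
        page = render(urlencode({name: probe}))
        if probe in page:
            hits.append(name)
    return hits


if __name__ == "__main__":
    # "other" is a constructed parameter the page never echoes.
    for render in (error_page_unescaped, error_page_escaped):
        print(render.__name__, reflected_params(render, ["email", "other"]))
```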