Bugtraq mailing list archives
Re: Mailman: cross-site scripting bug
From: Axel Beckert - ecos gmbh <beckert () ecos de>
Date: Mon, 27 Jan 2003 21:28:09 +0100
At Fri, Jan 24, 2003 at 12:32:37PM -0900, Leif Sawyer wrote:
> https://workserver//mailman/options/ak3barons?language=<SCRIPT>ale rt('Can%20Cross%20Site%20Attack')</SCRIPT>
>
> returns:
>
> <h2>Error</h2><strong>Invalid options to CGI script.</strong>
>
> 2.0.11 doesn't seem to be vulnerable to this.

Same counts for 2.0.13 on Apache 1.3.27.

Kind regards, Axel Beckert

--
-------------------------------------------------------------
Axel Beckert      ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post:    Tulpenstrasse 5      D-55276 Dienheim b. Mainz
E-Mail:  beckert () ecos de   Voice: +49 6133 939-220
WWW:     http://www.ecos.de/  Fax:   +49 6133 939-111
-------------------------------------------------------------