December 17, 2001

Debian: 'mailman' cross-site scripting vulnerability

Author: JT Smith

LinuxSecurity: "Barry A. Warsaw reported several cross-site scripting security holes
in Mailman, due to non-existent escaping of CGI variables.

These have been fixed upstream in version 2.0.8, and the relevant
patches have been backported to version 1.1-10 in Debian."


  • Linux
Click Here!