FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mailman XSS in admin script

Affected packages
mailman < 2.1.4

Details

VuXML ID 3cb88bb2-67a6-11d8-80e3-0020ed76ef5a
Discovery 2003-12-31
Entry 2004-02-25

Dirk Mueller reports:

I've found a cross-site scripting vulnerability in the admin interface of mailman 2.1.3 that allows, under certain circumstances, for anyone to retrieve the (valid) session cookie.

References

CVE Name CVE-2003-0965
URL http://mail.python.org/pipermail/mailman-announce/2003-December/000066.html
URL http://xforce.iss.net/xforce/xfdb/14121

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.