FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mailman -- script insertion vulnerability

Affected packages
ja-mailman < 2.1.10
mailman < 2.1.10
mailman-with-htdig < 2.1.10

Details

VuXML ID: f47f2746-12c5-11dd-bab7-0016179b2dd5
Discovery: 2008-02-05
Entry: 2008-04-25

Secunia reports:

A vulnerability has been reported in Mailman, which can be exploited by malicious users to conduct script insertion attacks.

Certain input when editing the list templates and the list info attribute is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious website is accessed.

References

Bugtraq ID: 27630
CVE Name: CVE-2008-0564
URL: http://secunia.com/advisories/28794
URL: http://sourceforge.net/project/shownotes.php?release_id=593924
URL: http://www.ubuntu.com/usn/usn-586-1