- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 22199
- Проверка EDB
-
- Пройдено
- Автор
- WEBMASTER@PROCHECKUP.COM
- Тип уязвимости
- WEBAPPS
- Платформа
- CGI
- CVE
- cve-2003-0038
- Дата публикации
- 2003-01-24
Код:
source: https://www.securityfocus.com/bid/6678/info
A vulnerability has been discovered in GNU Mailman. The issue occurs to insufficient sanitization of user-supplied data which is output when generating error pages.
As a result, attackers may embed malicious script code or HTML into a link to a site running the vulnerable software. If such a link is followed, the attacker-supplied code will be interpreted in the web browser of the victim of the attack. It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible.
It has been reported that GNU Mailman 2.0.11 is not affected by this issue.
https://www.yourserver.com:443//mailman/options/yourlist?
language=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>- Источник
- www.exploit-db.com
