mailman -- XSS vulnerability

2011-02-13T00:00:00
ID 64691C49-4B22-11E0-A226-00E0815B8DA8
Type freebsd
Reporter FreeBSD
Modified 2011-02-13T00:00:00

Description

CVE reports:

Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.