FreeBSD : mailman -- hardening against malicious listowners injecting evil HTML scripts (739948e3-78bf-11e8-b23c-080027ac955c)
Low Nessus Plugin ID 110691
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionMark Sapiro reports :
Existing protections against malicious listowners injecting evil scripts into listinfo pages have had a few more checks added.
A few more error messages have had their values HTML escaped.
The hash generated when SUBSCRIBE_FORM_SECRET is set could have been the same as one generated at the same time for a different list and IP address.
SolutionUpdate the affected packages.