Mandrake Linux Security Advisory : mailman (MDKSA-2005:015)
Medium Nessus Plugin ID 16243
Synopsis
The remote Mandrake Linux host is missing a security update.
Description
Florian Weimer discovered a vulnerability in Mailman, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input is not properly sanitised by 'scripts/driver' when returning error pages. This can be exploited to execute arbitrary HTML or script code in a user's browser session in the context of a vulnerable site by tricking a user into visiting a malicious web site or following a specially crafted link (CVE-2004-1177).
Solution
Update the affected mailman package.