GLSA-200501-29 : Mailman: XSS vulnerability
Medium Nessus Plugin ID 16420
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200501-29 (Mailman: XSS vulnerability).
Florian Weimer has discovered a cross-site scripting vulnerability in the error messages that are produced by Mailman.
By enticing a user to visit a specially crafted URL, an attacker can execute arbitrary script code in the context of the victim's browser.
There is no known workaround at this time.
Solution
All Mailman users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-mail/mailman-2.1.5-r3'