[] NeoSense
E X P L O I T S
title author type platform port cve id

GNU Mailman 2.1 - Error Page Cross-Site Scripting

Author: webmaster@procheckup.com
type: webapps
platform: cgi
port: 
date_added: 2003-01-24 
date_updated: 2012-10-24 
verified: 1 
codes: CVE-2003-0038;OSVDB-9206 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/6678/info

A vulnerability has been discovered in GNU Mailman. The issue occurs to insufficient sanitization of user-supplied data which is output when generating error pages.

As a result, attackers may embed malicious script code or HTML into a link to a site running the vulnerable software. If such a link is followed, the attacker-supplied code will be interpreted in the web browser of the victim of the attack. It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible.

It has been reported that GNU Mailman 2.0.11 is not affected by this issue.

https://www.yourserver.com:443//mailman/options/yourlist?
language=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.