[ Cgi Security Advisory #7 ]
                                     admin@cgisecurity.com
                         Mailman Email archiver Cross Site Scripting Hole




Found
November 2001

Public Release
Sometime in November 2001


Vendor Contacted
November 2001

Scripts Effected: Mailman Email Archiver
Price: Free

Versions:
All Versions appear to be effected

Platforms:
Unix, Linux, Other?

Vendor:
http://sourceforge.net/projects/mailman
http://www.gnu.org/software/mailman/mailman.html


1. Problem

This product is affected by a Cross Site Scripting hole, which may allow
an attacker to trick a user into thinking something the attacker wrote
actually came from the site that is effected. This involves some social 
engineering to a point but could possibly allow gathering of user information
and other types of fraud.


http://host/mailman/listinfo/<img%20src=javascript:alert(document.domain)>

This will gladly show you a pop up javascript box.


2. Fixes

The vendor has been notified of the problem, 
Upgrade to version 2.0.8 in order to fix this problem.

TarBalls
http://sourceforge.net/project/showfiles.php?group_id=103




Published to the Public November 2001
Copyright November 2001 Cgisecurity.com