Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200501-29] Mailman: Cross-site scripting vulnerability Vulnerability Scan
Vulnerability Scan Summary
Mailman: Cross-site scripting vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200501-29
(Mailman: Cross-site scripting vulnerability)
Florian Weimer has discovered a cross-site scripting vulnerability
in the error messages that are produced by Mailman.
By enticing a user to visiting a specially-crafted URL, an
attacker can execute arbitrary script code running in the context of
the victim's browser.
There is no known workaround at this time.
All Mailman users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r3"
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.