Subject: Developers of Sympa
List archive
- From: <address@concealed>
- To: address@concealed
- Subject: [sympa-dev] cross-site scripting
- Date: Fri, 23 Mar 2007 15:17:02 +0100
I've been helping to evaluate Sympa for my university, and I noticed that
there's an unpatched cross-site scripting vulnerability that was posted to
bugtraq in 2004.
http://marc.info/?l=bugtraq&m=109312475207604&w=2
http://secunia.com/advisories/12339
That posting references a Sympa bug, but I couldn't find it in the current
Sympa bug tracker. I verified that it does still exist in 5.2.4.
We're concernced about this, because we don't necessarily fully trust all our
list administrators. Are there any plans to address this issue, or is there a
workaround?
Nathan Rogers
- [sympa-dev] cross-site scripting, nathan.rogers, 03/23/2007
Archive powered by MHonArc 2.6.19+.