Skip to Content.
Sympa Menu

en - Mhonarc up to 2.5.13 vulnerable

Subject: The mailing list for listmasters using Sympa

List archive

Mhonarc up to 2.5.13 vulnerable

Chronological Thread  
    < Chronological >       < Thread >
  • From: "Hanke Penning" <address@concealed>
  • To: address@concealed
  • Subject: Mhonarc up to 2.5.13 vulnerable
  • Date: Wed, 08 Jan 2003 16:24:14 +0200
Hi all,

a little bit offtopic:

For all using the famous mhonarc:

A cross-site scripting (XSS) vulnerability has been discovered for
all versions of MHonArc upto, and including, v2.5.13. A specially
crafted HTML mail message can introduce foreign scripting content
in archives, by-passing MHonArc's HTML script filtering.

Any MHonArc archives that allow HTML mail content are vulnerable.

More on
http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-
address@concealed
Yours sincerly

Hanke Penning

IAP GmbH -- Moerkenstrasse 9 -- 22767 Hamburg
Tel.: 040 / 306803-14 -- Fax: 040 / 306803-10
http://www.iap.de --- E-Mail: address@concealed


  • Mhonarc up to 2.5.13 vulnerable, Hanke Penning, 01/08/2003

Archive powered by MHonArc 2.6.19+.

Top of Page