Mailman v 2.1.8 reflected cross site scripting
Posted on 30 November -0001
<HTML><HEAD><TITLE>mailman v 2.1.8 reflected cross site scripting</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY># Exploit Title: mailman v 2.1.8 reflected cross site scripting # Date: 28-3-2017 # Exploit Author: alqnas eslam # Vendor Homepage:fb.com/alqnas4 # Software Link:http://www.list.org/ # Tested on:any os Poc: step1: go to mailman dir eg:example.com/mailman/listinfo step2: type your javascript or html code in input name (listname) step3: click on Search Advertised demo: university of cambridge - https://lists.cam.ac.uk/mailman/listinfo video Poc: mailman v 2.1.8 reflected cross site scripting https://www.youtube.com/watch?v=VZMVAe5a490&feature=youtu.be </BODY></HTML>