[Bug 1884752] [NEW] Brute forcing to match the admin list at www.example.com//mailman/edithtml/tests/listinfo.html?html_code=XSS%20demo

[Kamran Hasan]

*** This bug is a security vulnerability ***

Private security bug reported:

The brute forcing technique can be implemented to surpass the error message 
stating no such list tests. Such a address can exploit users data:
www.example.com//mailman/edithtml/tests/listinfo.html?html_code=XSS%20demo

** Affects: mailman
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1884752

Title:
  Brute forcing to match the admin list at
  www.example.com//mailman/edithtml/tests/listinfo.html?html_code=XSS%20demo

To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1884752/+subscriptions
_______________________________________________
Mailman-coders mailing list -- mailman-coders@python.org
To unsubscribe send an email to mailman-coders-le...@python.org
https://mail.python.org/mailman3/lists/mailman-coders.python.org/
Member address: arch...@mail-archive.com