I don't understand the issue. If I go to https://example.com/mailman//edithtml/tests/listinfo.html?html_code=XSS%20demo (replacing 'example.com' with a real mailman server) I get a response "No such list tests". The query fragment "html_code=XSS%20demo" is apparently ignored. Please explain in more detail what the issue is and the steps to exploit it so I can understand it.
-- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1884752 Title: Brute forcing to match the admin list at www.example.com//mailman/edithtml/tests/listinfo.html?html_code=XSS%20demo To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1884752/+subscriptions _______________________________________________ Mailman-coders mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3/lists/mailman-coders.python.org/ Member address: [email protected]
