23 Jun 2020, 1:16 p.m.
In addition to the above, assuming you get past the authentication issue, there is also a CSRF token that needs to be returned along with the html_code setting to protect against cross site request forgery. I don't think there is any way this attack can succeed.

--
You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1884752

Title:
Brute forcing to match the admin list at www.example.com//mailman/edithtml/tests/listinfo.html?html_code=XSS%20demo

To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1884752/+subscriptions