Potential XSS attack via the user options page.

Bug #1949401 reported by Mark Sapiro
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
GNU Mailman
Fix Released
Medium
Mark Sapiro

Bug Description

A crafted URL to the user options page can execute arbitrary javascript.

Related branches

CVE References

Revision history for this message
Mark Sapiro (msapiro) wrote :
Mark Sapiro (msapiro)
Changed in mailman:
status: In Progress → Fix Released
information type: Private Security → Public Security
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers