File CVE-2021-43331-XSS_CGI_options.patch of Package mailman.24378
---
Mailman/Cgi/options.py | 2 ++
1 file changed, 2 insertions(+)
--- a/Mailman/Cgi/options.py
+++ b/Mailman/Cgi/options.py
@@ -263,6 +263,8 @@ def main():
varhelp = qs[0]
if varhelp:
# Sanitize the topic name.
+ while '%' in varhelp:
+ varhelp = urllib.unquote_plus(varhelp)
varhelp = re.sub('<.*', '', varhelp)
topic_details(mlist, doc, user, cpuser, userlang, varhelp)
return
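Review bot: The added `while '%' in varhelp:` loop never exits when the value contains a `%` that is not a valid escape, such as `%zz` or a trailing `%`. Python 2's `urllib.unquote_plus` returns such input unchanged, so the condition stays true and the CGI process spins until the web server kills it. Stopping at a fixed point avoids this: inside the loop use `decoded = urllib.unquote_plus(varhelp)`, `if decoded == varhelp: break`, `varhelp = decoded`. A brief comment would also help, saying that decoding is repeated because nested percent-encoding could otherwise hide a `<` from the `re.sub` below. `main()` begins and continues outside this hunk, so it is not visible here whether `urllib` is already imported in options.py or how `topic_details` escapes the value.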