Package: nm.debian.org Severity: normal Tags: security The GPG key signing coordination utility does not seem to attamept to validate user inputs. As a result, it is possible to create a new signing offer or requestaccount and fill in some HTML or script code which may
* steal other https://nm.debian.org users' credentials * render the utility unusable because of broken HTML or javascript code which replaces the page by another one -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

