mailman -- arbitrary content injection vulnerability via options or private archive login pages

Mark Sapiro reports:

A content injection vulnerability via the options login page has
been discovered and reported by Vishal Singh.

    An issue similar to CVE-2018-13796 exists at different endpoint & param. It can lead to a phishing attack.
  



    (added 2020-05-07) This is essentially the same as
    https://bugs.launchpad.net/mailman/+bug/1873722 except the vector is
    the private archive login page and the attack only succeeds if the
    list's roster visibility (private_roster) setting is 'Anyone'.