The vulnerability of the cgi/options.py parameters in the GNU Mailman mailing list management package, related to the lack of protection for the website structure, allows for the execution of arbitrary JavaScript code.

The vulnerability in the cgi/options.py module of the GNU Mailman mailing list management package relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a remote attacker to execute arbitrary JavaScript code...

UBUNTU-CVE-2021-43331

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...