mailman: Cross-site scripting vulnerability allows malicious listowners to inject scripts into listinfo pages

A cross-site scripting vulnerability XSS has been discovered in mailman due to the hostname field not being properly validated. A malicious list owner could use this flaw to create a specially crafted list and inject client-side scripts...

Updated mailman packages fix security vulnerability

It was discovered that mailman version prior to 2.1.27 contained a vulnerability where malicious list owners could inject evil scripts into listinfo pages CVE-2018-0618...