Cross-Site Scripting (XSS)

mailman is vulnerable to cross-site scripting XSS. A listowner is able to inject and execute arbitrary Javascripts in a user's browser via the listinfo pages...

mailman: Cross-site scripting vulnerability allows malicious listowners to inject scripts into listinfo pages

A cross-site scripting vulnerability XSS has been discovered in mailman due to the hostname field not being properly validated. A malicious list owner could use this flaw to create a specially crafted list and inject client-side scripts...