Cross-site scripting vulnerabilities in Mailman prior to 2.0.11 allow remote malicious users to execute script via (1) the admin login page, or (2) the Pipermail index summaries.
A cross-site scripting vulnerability was discovered in mailman, a
software to manage electronic mailing lists When a properly crafted
URL is accessed with Internet Explorer (other browsers don't seem to
be affected), the resulting webpage is rendered similar to the real
one, but the javascript component is executed as well, which could be
used by ...
source: wwwsecurityfocuscom/bid/4825/info
GNU Mailman is prone to a cross-site scripting vulnerability An attacker may construct a malicious link to the administrative login page, which contains arbitrary HTML and script code
A user visiting the link will have the attacker's script code executed in their web browser in the context of t ...
Vulmon