Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman prior to 2.1.3 allows remote malicious users to steal cookies of other users.
gnu mailman