Multiple input sanitization flaws were found in the way Mailman
displayed usernames of subscribed users on certain pages. If a user who
is subscribed to a mailing list were able to trick a victim into
visiting one of those pages, they could perform a cross-site scripting
(XSS) attack against the victim. (CVE-2011-0707)
Multiple input sanitization flaws were found in the way Mailman
displayed mailing list information. A mailing list administrator could
use this flaw to conduct a cross-site scripting (XSS) attack against
victims viewing a list's "listinfo" page. (CVE-2010-3089)