Ubuntu Security Notice 1069-1 - It was discovered that Mailman did not properly sanitize certain fields, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
fdba9a23075e131a564baf3270fe1ab05ec54aef3f93be54371d55937b4d212a
Debian Linux Security Advisory 2170-1 - Two cross-site scripting vulnerabilities have been discovered in Mailman, a web-based mailing list manager. These allowed an attacker to retrieve session cookies by inserting crafted JavaScript into confirmation messages (CVE-2011-0707) and in the list admin interface (CVE-2010-3089; oldstable only).
bf4c1ab6425684582dd00c580956547795a061ac12e8a962764fb21a775b50ee
Mandriva Linux Security Advisory 2010-191 - Multiple cross-site scripting vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving the list information field or the list description field.
69ac23bb749b1900777ce4b515706762e22cf782817709f51e127d014a70e691