Description
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
Remediation
References
Related Vulnerabilities
WordPress Plugin Mail Masta Local File Inclusion (1.0)
WordPress Plugin Timed Popup Cross-Site Request Forgery (1.3)
WordPress Plugin Custom Dashboard & Login Page-AGCA Cross-Site Request Forgery (6.5.4)
WordPress Plugin W3SCloud Contact Form 7 to Zoho CRM Cross-Site Scripting (1.1.2)
WordPress Plugin Timetable and Event Schedule by MotoPress Unspecified Vulnerability (2.4.3)