Eduardo Abril

**Name of the Vulnerable Software and Affected Versions** Hypermail version 2.2.0 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted `From` address. This occurs because the `From` address is not properly handled when indexing messages. **Recommendations** For Hypermail version 2.2.0, consider updating to a newer version that properly handles the `From` address to prevent XSS attacks. As a temporary workaround, restrict the ability to inject arbitrary web script or HTML via the `From` address when indexing messages.