PT-2002-1869 · GNU · Mailman

Published: 2002-08-14 · Updated: 2008-09-05 · CVE-2002-0855

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Mailman versions prior to 2.0.12
Description: A cross-site scripting issue allows remote attackers to execute scripts as other users. This is achieved through a subscriber's list subscription options, specifically via the adminpw or info parameters to the ml-name feature.
Recommendations: For versions prior to 2.0.12, update to version 2.0.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the ml-name feature until a patch is available. Avoid using the adminpw and info parameters in the affected feature until the issue is resolved.

Related Identifiers

CVE-2002-0855
DSA-147

Affected Products

Mailman