VDB
KO

PYSEC-2026-657

Mailman Cross-site scripting (XSS) vulnerability

Details

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / mailman
Introduced in: 0 Fixed in: 2.1.1
Fix pip install --upgrade 'mailman>=2.1.1'

References