VDB
KO

PYSEC-2026-659

mailman Cross-site scripting (XSS) vulnerability

Details

Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / mailman
Introduced in: 0 Fixed in: 2.1.5
Fix pip install --upgrade 'mailman>=2.1.5'

References