A cross-site scripting vulnerability has been discovered in mailman due to the host_name field not being properly validated. A malicious list owner could use this flaw to create a specially crafted list and inject client-side scripts. An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site