Multiple cross-site scripting vulnerabilities were found in Mailman prior to version 2.1.10b1, which allow remote attackers to inject arbitrary web script or HTML via edting templates and the list"s info attribute in the web administrator interface. The updated packages have been patched to correct these issues.