Mailman can be exploited by malicious people to conduct cross-site
scripting and phishing attacks, and cause a DoS (Denial of
Service).
1) An error in the logging functionality can be exploited to
inject a spoofed log message into the error log via a specially
crafted URL.
Successful exploitation may trick an administrator into visiting
a malicious web site.
2) An error in the processing of malformed headers that do not
follow the RFC 2231 standard can be exploited to cause a DoS
(Denial of Service).
3) Some unspecified input isn't properly sanitised before being
returned to the user. This can be exploited to execute arbitrary
HTML and script code in a user's browser session in the context of an
affected site.
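
A defensive sketch for issue 1, added here as an example and not taken from Mailman's code or its fix: request-derived values are neutralized before they reach a log, so a crafted URL cannot produce a second, spoofed entry. The advisory does not say how the message is injected; the example assumes it relies on an encoded line break, and the logger name, message text and sample URL are hypothetical.

```python
import io
import logging
from urllib.parse import unquote


def neutralize(value: str) -> str:
    """Escape backslashes and every non-printable character (CR, LF, ESC,
    U+2028, ...) so one request value can never span or fake a log line."""
    return "".join(
        ch if ch.isprintable() and ch != "\\"
        else ch.encode("unicode_escape").decode("ascii")
        for ch in value
    )


class NeutralizeArgs(logging.Filter):
    """Neutralize string arguments before they are merged into the message."""

    def filter(self, record: logging.LogRecord) -> bool:
        if isinstance(record.args, tuple):
            record.args = tuple(
                neutralize(a) if isinstance(a, str) else a for a in record.args
            )
        return True


def log_bad_request(raw_path: str) -> str:
    """Log a rejected request path and return what reached the log."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    log = logging.Logger("error-log-demo")  # private logger, not Mailman's
    log.addHandler(handler)
    log.addFilter(NeutralizeArgs())
    # Percent-decoding is where an encoded line break turns into a real one.
    log.error("No such list: %s", unquote(raw_path))  # hypothetical message
    return buf.getvalue()


# Constructed sample: the text after %0A tries to pose as a separate entry.
SAMPLE = "/mailman/listinfo/x%0AERROR%20visit%20http://example.invalid/%20now"

if __name__ == "__main__":
    print(log_bad_request(SAMPLE), end="")
```

Escaping the backslash as well keeps the encoding unambiguous, so a reader of the log can tell an escaped line break from a literal backslash sequence sent in the request.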