# Exploit Title: mailman v 2.1.8 reflected cross site scripting # Date: 28-3-2017 # Exploit Author: alqnas eslam # Vendor Homepage:fb.com/alqnas4 # Software Link:http://www.list.org/ # Tested on:any os Poc: step1: go to mailman dir eg:example.com/mailman/listinfo step2: type your javascript or html code in input name (listname) step3: click on Search Advertised demo: university of cambridge - https://lists.cam.ac.uk/mailman/listinfo video Poc: mailman v 2.1.8 reflected cross site scripting https://www.youtube.com/watch?v=VZMVAe5a490&feature=youtu.be