# Exploit Title: mailman v 2.1.8 reflected cross site scripting
# Date: 28-3-2017
# Exploit Author: alqnas eslam
# Vendor Homepage:fb.com/alqnas4
# Software Link:http://www.list.org/
# Tested on:any os
Poc:
step1: go to mailman dir eg:example.com/mailman/listinfo
step2: type your javascript or html code in input name (listname)
step3: click on Search Advertised
demo: university of cambridge - https://lists.cam.ac.uk/mailman/listinfo
video Poc:
mailman v 2.1.8 reflected cross site scripting
https://www.youtube.com/watch?v=VZMVAe5a490&feature=youtu.be