Amazon Linux AMI Security Advisory: ALAS-2020-1395
Advisory Release Date: 2020-07-15 17:29 Pacific
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. (CVE-2018-0618 )
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site. (CVE-2018-13796 )
Run yum update mailman to update your system.