/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
CVE-2020-12108 (Candidate) is related to these bugs: