Comment 4 for bug 265656

I'm re-opening this but moving it to the bugs tracker.

I believe MM2.0.10 is vulnerable to this attack and the fix
is simple. MM2.1b2 is not vulnerable because if you look at
line 859 in HyperArch.py, you'll see that the subject and
author fields are always CGIescape()'d.