Account creation was trivial, and upon authentication I began snooping around. There are a few CVE's floating around out there (old), but I couldn't get anything to pop. Input was either encoded, filtered, or escaped and it seemed that the application was doing an adequate job.
Within the "Preferences" section, I found the "Report Preferences" section.
Under this section, a setting for "Lists and Subscribers Displayed:"
The parameter "1" stored input unfiltered:
I moved to a somewhat better proof of concept - a lame alert box:
I noticed that the value was passed through a GET request in the URL! Wow!
Currently, no CVE's exist for this LISTSERV Persistent XSS flaw.