CVE-2019-15501

Name of the Vulnerable Software and Affected Versions LISTSERV versions prior to 16.5-2018a

Description The issue is related to reflected cross site scripting (XSS) that exists via the "/scripts/wa.exe" API endpoint, specifically through the OK parameter. This allows for potential malicious script injection.

Recommendations For versions prior to 16.5-2018a, update to version 16.5-2018a or later to resolve the issue. As a temporary workaround, consider restricting access to the "/scripts/wa.exe" API endpoint or avoiding the use of the OK parameter until the update is applied.