PT-2004-2639 · Sympa · Sympa
Joxean Koret
·
Published
2004-08-21
·
Updated
2017-07-11
·
CVE-2004-1735
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Sympa versions 4.1.x and earlier
Description
A cross-site scripting (XSS) issue exists in the create list option, allowing remote authenticated users to inject arbitrary web script or HTML via the
description field.Recommendations
For Sympa versions 4.1.x and earlier, as a temporary workaround, consider restricting access to the create list option until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sympa