PT-2023-7918 · L Soft · Listserv 17
Published
2023-01-17
·
Updated
2023-01-24
·
CVE-2022-39195
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
LISTSERV 17 web interface
Description
A cross-site scripting (XSS) issue in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the
c parameter. This can be exploited by a remote attacker to conduct a cross-site scripting attack.Recommendations
For LISTSERV 17 web interface, consider disabling access to the
c parameter in the web interface until a patch is available. Restrict input to the c parameter to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Listserv 17