J-Security Center

Title: L-Soft Listserv Multiple Cross-Site Scripting Vulnerabilities

Severity: MODERATE

Description:

Listserv is a publicly available multi-platform application used to manage mailing lists.

Multiple cross-site scripting vulnerabilities have been reported in L-Soft Listserv.

The following programs were reported to be affected:

  • WA-MSD.EXE
  • WA-USIAINFO.EXE
  • WA-DEMO.EXE

The cause of these vulnerabilities is insufficient sanitization of input supplied via URI parameters, which is later included in dynamically generated web pages. An attacker may exploit these issues by embedding hostile HTML and script code in a link to a site hosting the software. If the link is visited by an unsuspecting user, the attacker-supplied code would be rendered in the context of the site hosting the software. This could permit theft of cookie-based authentication credentials or other attacks. These issues could also provide an attack vector for latent vulnerabilities in web browser software.
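
A defender-side check for the pattern described above, as an added example that is not part of the original advisory: it scans web server access logs for requests to the three listed programs whose query string contains HTML markup after percent-decoding. The Common Log Format input, the request paths and the parameter name "q" are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Program names listed in the advisory as affected (compared in lower case).
AFFECTED = {"wa-msd.exe", "wa-usiainfo.exe", "wa-demo.exe"}
# Markup indicators in a decoded query string; a heuristic, not a full parser.
MARKUP = re.compile(r'[<>"]|javascript:', re.I)
# Request line of a Common Log Format entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is also seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_lines):
    """Return (program, decoded_query) for requests to an affected program
    whose query string contains markup after decoding."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        program = url.path.rsplit("/", 1)[-1].lower()
        query = decode_fully(url.query)
        if program in AFFECTED and MARKUP.search(query):
            hits.append((program, query))
    return hits


# Constructed log lines (not from the advisory); paths and "q" are hypothetical.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /scripts/wa-demo.exe?q=hello HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /scripts/WA-MSD.EXE?q=%3Cscript%3E HTTP/1.1" 200 734',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /scripts/wa-usiainfo.exe?q=%253Cb%253E HTTP/1.1" 200 640',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html?q=%3Cb%3E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for program, query in suspicious_requests(SAMPLE):
        print(program, query)
```

Hits show where markup was sent to an affected program; whether it was reflected into a page still has to be confirmed against the response.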

Affected Products:

  • L-Soft Listserv 1.8.0
  • L-Soft Listserv 1.8.0c
  • L-Soft Listserv 1.8.0d
  • L-Soft Listserv 1.8.0e
