Dada Mail Archived Message XSS

Copyright (C) 2005-2015 Josh Zlatin-Amishav

Synopsis :

The remote web server contains a PERL script that is affected by a
cross-site scripting vulnerability.

Description :

The remote web server is running Dada Mail, a free, email list
management system written in Perl.

According to its banner, the version of this software installed on the
remote host does not properly validate user written content before
submitting that data to the archiving system. A malicious user could
embed arbitrary JavaScript in archived messages to later be executed
in a user's browser within the context of the affected website.

See also :

Solution :

Upgrade to version 2.10 alpha 1 or higher.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 19679 (dada_mail_xss.nasl)

Bugtraq ID: 14573

CVE ID: CVE-2005-2595

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial