This script is Copyright (C) 2008-2011 Tenable Network Security, Inc.
The remote web server is affected by a cross-site scripting
The remote host is running ListManager, a web-based commercial
mailing list management application from Lyris.
The version of ListManager installed on the remote host fails to
sanitize user input to the 'words' parameter of the
'read/search/results' script before including it in dynamic HTML
output. An attacker may be able to leverage this issue to inject
arbitrary HTML and script code into a user's browser to be executed
within the security context of the affected site.
See also :
Upgrade to Listmanager 9.3e or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true