This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.
The remote web server is hosting an application that is affected by
multiple cross-site scripting vulnerabilities.
The remote host is running ListManager, a web-based commercial mailing
list management application from Lyris.
The installed version fails to properly sanitize user-supplied input
to multiple parameters / scripts before using it to generate dynamic
HTML output, such as :
- /scripts/message/message.tml: 'how_many_back',
- /read/attach_file.tml: 'page'
- /read/attachment_too_large.tml: 'page'
- /read/confirm_file_attach.tml: 'page'
- /read/login/index.tml: 'emailaddr'
- /read/login/sent_password.tml: 'emailaddr'
An attacker may be able to leverage these issues to launch cross-site
scripting attacks against users of the application.
Note that the installed version is likely to be affected by other
vulnerabilities, though Nessus has not tested for these.
See also :
Unknown at this time.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.1
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 41625 (listmanager_multiple_xss.nasl)
Bugtraq ID: 36509
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.