Detections
Analytics

Dada Mail Archived Message XSS

medium Nessus Plugin ID 19679

Language:

Synopsis

The remote web server contains a PERL script that is affected by a cross-site scripting vulnerability.

Description

The remote web server is running Dada Mail, a free, email list management system written in Perl.

According to its banner, the version of this software installed on the remote host does not properly validate user written content before submitting that data to the archiving system. A malicious user could embed arbitrary JavaScript in archived messages to later be executed in a user's browser within the context of the affected website.

Solution

Upgrade to version 2.10 alpha 1 or higher.

See Also

http://www.nessus.org/u?f2154baf

Plugin Details

Severity: Medium

ID: 19679

File Name: dada_mail_xss.nasl

Version: 1.22

Type: remote

Published: 9/12/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 8/16/2005

Reference Information

CVE: CVE-2005-2595

BID: 14573

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990

SECUNIA: 16435