ListManager words Parameter Cross-Site Scripting Vulnerability
Medium Nessus Network Monitor Plugin ID 4549
Synopsis
The remote web server is affected by a cross-site scripting vulnerability.
Description
The remote host is running ListManager, a web-based commercial mailing list management application from Lyris. The version of ListManager installed on the remote host fails to sanitize user input to the 'words' parameter of the 'read/search/results' script before including it in dynamic HTML output. An attacker may be able to leverage this issue to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site.
Solution
Upgrade to a version of ListManager later than 9.3d.