
Dada Mail < 2.10 alpha 1 Archived Message XSS

Medium

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

The remote host is running Dada Mail, a mailing list management system. This version of Dada Mail is vulnerable to a remote HTML injection attack. An attacker exploiting this flaw would typically upload HTML (or script) code to the web server. Unsuspecting users who then visit the malicious portion of the site would have that code executed within their browser. This can lead to theft of confidential data (such as authentication cookies).

Solution

Upgrade to version 2.10 alpha 1 or higher.