
ListManager words Parameter Cross-Site Scripting Vulnerability

Medium

Synopsis

The remote web server is affected by a cross-site scripting vulnerability.

Description

The remote host is running ListManager, a web-based commercial mailing list management application from Lyris. The version of ListManager installed on the remote host fails to sanitize user input to the 'words' parameter of the 'read/search/results' script before including it in dynamic HTML output. An attacker may be able to leverage this issue to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site.
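To check whether the 'words' parameter has been used to carry markup, web access logs can be reviewed for such requests. The following is an added example, not part of the original advisory and not Lyris code. The URL path `/read/search/results`, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /read/search/results?words=release+notes HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /read/search/results?words=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5301',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /read/search/results?words=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5290',
    '203.0.113.4 - - [01/Jan/2024:10:02:00 +0000] "GET /read/?forum=test&words=%3Cb%3E HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
# HTML metacharacters and common script-bearing constructs in a decoded value.
MARKUP_RE = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)
SEARCH_PATH = "/read/search/results"  # assumed URL path of the affected script


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_words_requests(lines):
    """Return (client, decoded_value) for search requests whose 'words' holds markup."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.rstrip("/").endswith(SEARCH_PATH):
            continue  # only the affected script is of interest here
        for raw in parse_qs(url.query, keep_blank_values=True).get("words", []):
            value = fully_decode(raw)
            if MARKUP_RE.search(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_words_requests(SAMPLE_LOG):
        print(f"{client}: words={value!r}")
```

Only parameters that appear in the logged request line are covered; search terms submitted in a POST body do not show up in a standard access log.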

Solution

Upgrade to a version of ListManager later than 9.3d.