Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-27641

The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL.

Published

2023-03-05T22:15:08.887

Last Modified

2024-11-21T07:53:19.640

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	lsoft	listserv	< 17.0	Yes

References

https://github.com/hosakauk/exploits/blob/master/listserv_report_xss.MD Exploit, Third Party Advisory ([email protected])
https://github.com/hosakauk/exploits/blob/master/listserv_report_xss.MD Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)