The vulnerability in the web interface of the LISTSERV email list management system, related to the lack of protective measures for the website structure, allows a attacker to carry out XSS attacks.

🗓️ 22 Dec 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

LISTSERV web interface vulnerability due to missing site structure protections enabling remote XSS.

Reporter	Title	Published	Views	Family All 15
0day.today	LISTSERV 17 Cross Site Scripting Vulnerability	18 Jan 202300:00	–	zdt
0day.today	LISTSERV 17 - Reflected Cross Site Scripting Vulnerability	30 Mar 202300:00	–	zdt
Circl	CVE-2022-39195	2 Sep 202314:41	–	circl
CNNVD	L-Soft LISTSERV 跨站脚本漏洞	17 Jan 202300:00	–	cnnvd
CVE	CVE-2022-39195	17 Jan 202300:00	–	cve
Cvelist	CVE-2022-39195	17 Jan 202300:00	–	cvelist
Exploit DB	LISTSERV 17 - Reflected Cross Site Scripting (XSS)	30 Mar 202300:00	–	exploitdb
Nuclei	LISTSERV 17 - Cross-Site Scripting	14 Jun 202603:03	–	nuclei
NVD	CVE-2022-39195	17 Jan 202321:15	–	nvd
OSV	CVE-2022-39195	17 Jan 202321:15	–	osv

Vulners

Node

lsoft listservMatch17.0

Source	Link
peach	www.peach.ease.lsoft.com/scripts/wa-PEACH.exe
packetstormsecurity	www.packetstormsecurity.com/2301-exploits/listserv17-xss.txt
vuldb	www.vuldb.com/ru/
web	www.web.nvd.nist.gov/view/vuln/detail
exploit-db	www.exploit-db.com/exploits/51148

22 Dec 2023 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 36.1

CVSS 26.4

EPSS0.09973

listserv web interface site structure protections cross site scripting remote exploitation