XSS Vulnerability In Dada Mail Network Vulnerability

Summary

The remote host is running Dada Mail, a free, e-mail list management system written in Perl. According to its banner, the remote version of this software does not properly validate user written content before submitting that data to the archiving system. A malicious user could embed arbitrary javascript in archived messages to later be executed in a user's browser within the context of the affected web site.

Solution

Upgrade to version 2.10 alpha 1 or higher.

References

http://sourceforge.net/project/shownotes.php?release_id=349531

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-2595
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Admidio get_file.php Remote File Disclosure Vulnerability
Apache Tomcat Login Constraints Security Bypass Vulnerability
Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
Apache ActiveMQ Source Code Information Disclosure Vulnerability
Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability

XSS vulnerability in Dada Mail

Take action and discover your vulnerabilities