Family: CGI abuses : XSS --> Category: infos
XSS vulnerability in Dada Mail Vulnerability Scan
Vulnerability Scan Summary: Checks Dada Mail version
Detailed Explanation for this Vulnerability Test
The remote host is running Dada Mail, a free e-mail list management
system written in Perl.
According to its banner, the remote version of this software does not
properly validate user-written content before submitting that data to
the archiving system. A malicious user could embed arbitrary
JavaScript in archived messages, which would later be executed in a
user's browser within the context of the affected web site.
See also : http://sourceforge.net/project/shownotes.php?release_id=349531
Solution : Upgrade to version 2.10 alpha 1 or higher.
Threat Level: Medium