Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28429
HistoryAug 27, 2012 - 12:00 a.m.

[FOREGROUND SECURITY 2012-001] Lsoft ListServ v16 (WA revision R4241) SHOWTPL parameter Cross-SIte Scripting - XSS

2012-08-2700:00:00
vulners.com
40
JSON

============================================================
FOREGROUND SECURITY, SECURITY ADVISORY 2012-001

  • Original release date: August 16, 2012
  • Discovered by: Jose Carlos de Arriba (Penetration Testing Team Lead at Foreground Security)
  • Contact: (jcarriba (at) foregroundsecurity (dot) com, dade (at) painsec (dot) com)
  • Twitter: @jcarriba
  • Severity: 4.3/10 (Base CVSS Score)
    ============================================================

I. VULNERABILITY

Lsoft ListServ v16 (WA revision R4241) Cross-Site Scripting (XSS) vulnerability (prior versions have not been checked but could be vulnerable too).

II. BACKGROUND

LISTSERV launched the email list industry 25 years ago and remains the gold standard. Continuously developed to meet the latest demands, LISTSERV provides the power, reliability and enterprise-level performance you need to manage all of your opt-in email lists, including email newsletters, announcement lists, discussion groups and email communities.

L-Soft is a pioneer in the fields of email list management software, email marketing software and email list hosting services. L-Soft's solutions are used for managing email newsletters, discussion groups, email communities and opt-in email marketing campaigns.

III. DESCRIPTION

Lsoft ListServ v16 (WA revision R4241) presents a Cross-Site Scripting (XSS) vulnerability on the parameters 'SHOWTPL' in the web form page, due to an insufficient sanitization on user supplied data and encoding output.

A malicious user could perform session hijacking or phishing attacks.

IV. PROOF OF CONCEPT

http://www.example.com/SCRIPTS/WA.EXE?SHOWTPL=<script>alert(document.cookie)</script>

V. BUSINESS IMPACT

An attacker could perform session hijacking or phishing attacks.

VI. SYSTEMS AFFECTED

Lsoft ListServ v16 - WA revision R4241 (prior or later versions have not been checked so could be affected).

VII. SOLUTION

Fixed on WA revision r4276.

VIII. REFERENCES

http://www.foregroundsecurity.com/
http://www.painsec.com
http://www.lsoft.com/

IX. CREDITS

This vulnerability has been discovered by Jose Carlos de Arriba (jcarriba (at) foregroundsecurity (dot) com, dade (at) painsec (dot) com).

X. REVISION HISTORY

  • August 16, 2012: Initial release.

XI. DISCLOSURE TIMELINE

August 8, 2012: Vulnerability discovered by Jose Carlos de Arriba.
August 8, 2012: Vendor contacted by email.
August 9, 2012: Response from vendor asking for details and security advisory sent to it.
August 15, 2012: Security advisory sent to vendor.
August 15, 2012: Response from vendor with a new WA revision (r4276) with bug fixed.
August 16, 2012: Security advisory released

XII. LEGAL NOTICES

The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.

Jose Carlos de Arriba, CISSP
Penetration Testing Team Lead
Foreground Security
www.foregroundsecurity.com
jcarriba (a t) foregroundsecurity (d o t ) com

JSON