The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted...
6.1CVSS
5.8AI Score
0.001EPSS
The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV...
7.5CVSS
7.4AI Score
0.014EPSS
A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c...
6.1CVSS
5.9AI Score
0.002EPSS
Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK...
6.1CVSS
6AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows remote attackers to inject arbitrary web script or HTML via the T parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
6.1AI Score
0.001EPSS
Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has...
8AI Score
0.254EPSS
8AI Score
0.004EPSS