Summary
The remote host is running Dada Mail, a free e-mail list management system written in Perl.
According to its banner, the remote version of this software does not properly validate user-written content before submitting it to the archiving system. A malicious user could embed arbitrary JavaScript in archived messages, which would later be executed in a user's browser within the context of the affected web site.
Solution
Upgrade to version 2.10 alpha 1 or higher.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2005-2595
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Archiva Multiple Vulnerabilities
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
- Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- Adobe ColdFusion HTTP Response Splitting Vulnerability