mysql-lists Unspecified Cross Site Scripting Vulnerability

Bugtraq ID:	30835
Class:	Input Validation Error
CVE:	CVE-2008-3846
Remote:	Yes
Local:	No
Published:	Aug 26 2008 12:00AM
Updated:	May 07 2015 05:24PM
Credit:	Shuya Ueki
Vulnerable:	AquaGardenSoft mysql-lists 1.2
Not Vulnerable:

mysql-lists Unspecified Cross Site Scripting Vulnerability

The 'mysql-lists' program is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects mysql-lists 1.2; other versions may also be affected.

mysql-lists Unspecified Cross Site Scripting Vulnerability

Attackers can exploit this issue by enticing an unsuspecting victim into following a malicious URI.

mysql-lists Unspecified Cross Site Scripting Vulnerability

Solution:
The vendor has reportedly released an update. Please see the references for more information.

mysql-lists Unspecified Cross Site Scripting Vulnerability

References:

• AquaGardenSoft Homepage (AquaGardenSoft)
  
• JVN#27417220 - mysql-lists from AquaGardenSoft Co.,Ltd. vulnerable to cross-site (AquaGardenSoft)