Known Vulnerabilities for Listserv by Lsoft
Listed below are 10 of the newest known vulnerabilities associated with "Listserv" by "Lsoft".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-50036 json | Cross-Site Request Forgery (CSRF) vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows Cross Site Re... | Not Provided | 2025-06-20 | 2026-04-23 |
| CVE-2025-46463 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing G... | Not Provided | 2025-05-23 | 2026-04-23 |
| CVE-2025-22595 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yamna Khawaja Mailing G... | Not Provided | 2025-01-09 | 2026-04-23 |
| CVE-2025-22527 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing G... | Not Provided | 2025-01-09 | 2026-04-29 |
| CVE-2023-27641 json | The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS att... | 6.1 - MEDIUM | 2023-03-05 | 2023-03-13 |
| CVE-2022-40319 json | The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modif... | 7.5 - HIGH | 2023-01-17 | 2023-01-25 |
| CVE-2022-39195 json | A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaS... | 6.1 - MEDIUM | 2023-01-17 | 2023-01-24 |
| CVE-2019-15501 json | Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter. | 6.1 - MEDIUM | 2019-08-26 | 2019-08-28 |
| CVE-2010-2723 json | Not Provided | 2010-07-13 | 2026-04-29 | |
| CVE-2006-1044 json | Not Provided | 2006-03-07 | 2025-04-03 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Lsoft | Listserv | 16.5-2018a | |||
| Application | Lsoft | Listserv | 16.0 | |||
| Application | Lsoft | Listserv | 15.0 | |||
| Application | Lsoft | Listserv | 14.4 | |||
| Application | Lsoft | Listserv | 14.3 | |||
| Application | Lsoft | Listserv | 1.8e | |||
| Application | Lsoft | Listserv | 1.8d | |||
| Application | Lsoft | Listserv | 1.8c | |||
| Application | Lsoft | Listserv | 1.8 | |||
| Application | Lsoft | Listserv | - |