LISTSERV 17 web interface contains a cross-site scripting vulnerability. An attacker can inject arbitrary JavaScript or HTML via the ācā parameter, thereby possibly allowing the attacker to steal cookie-based authentication credentials and launch other attacks.
View the template here CVE-2022-39195.yaml
References:
https://github.com/ARPSyndicate/cvemon