Note that these are CVEs which have been reported multiple times to L-Soft Support.

Not all of them affect either LISTSERV or LISTSERV Maestro.  

For those that do, we suggest mitigations.

CVE-2019-15501 Reflected cross-site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a

CVE-2020-11022 jQuery vulnerabilities

CVE-2021-44228 Apache Log4j vulnerabilities

CVE-2022-22965 Remote code execution in JDK 9+ Spring applications

CVE-2022-39195 Reflected cross-site scripting (XSS) vulnerability in LISTSERV 17.x web interface

CVE-2022-40319 Insecure Direct Object Reference exploit in LISTSERV 17.x web interface

CVE-2023-27641 REPORT (after z but before a) parameter XSS

CVE-2023-50164 Apache Struts vulnerabilities in LISTSERV Maestro 11.0-14 or later

CVE-2024-50379 TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat