A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote malicious users to inject arbitrary JavaScript or HTML via the c parameter.
lsoft listserv 17.0