Published: 12/08/2012 Updated: 29/08/2017

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 265

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in admin/index.php in phpList prior to 2.10.19 allows remote malicious users to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phplist phplist
phplist phplist 2.10.10
phplist phplist 2.10.9
phplist phplist 2.10.1
phplist phplist 2.8.12
phplist phplist 2.10.17
phplist phplist 2.10.16
phplist phplist 2.10.8
phplist phplist 2.10.7
phplist phplist 2.8.7
phplist phplist 2.8.2
phplist phplist 2.10.12
phplist phplist 2.10.11
phplist phplist 2.10.3
phplist phplist 2.10.2
phplist phplist 2.6.5
phplist phplist 2.10.15
phplist phplist 2.10.14
phplist phplist 2.10.13
phplist phplist 2.10.5
phplist phplist 2.10.4
phplist phplist 2.7.2
phplist phplist 2.7.1

source: wwwsecurityfocuscom/bid/54887/info PHPList is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may allow the attacker to stea ...

phpList version 21018 suffers from cross site scripting and remote SQL injection vulnerabilities ...

CWE-79 http://archives.neohapsis.com/archives/bugtraq/2012-08/0059.html http://www.securityfocus.com/bid/54887 https://www.htbridge.com/advisory/HTB23100 http://osvdb.org/84482 http://secunia.com/advisories/50150 http://www.phplist.com/?lid=579 https://exchange.xforce.ibmcloud.com/vulnerabilities/77526 https://nvd.nist.gov https://www.exploit-db.com/exploits/37590/

CVE-2012-3952

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect