Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList prior to 2.10.19 allow remote malicious users to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
phplist phplist 2.10.16 |
||
phplist phplist 2.10.14 |
||
phplist phplist 2.10.7 |
||
phplist phplist 2.10.4 |
||
phplist phplist 2.7.2 |
||
phplist phplist 2.6.5 |
||
phplist phplist 2.10.12 |
||
phplist phplist 2.10.11 |
||
phplist phplist 2.10.10 |
||
phplist phplist 2.10.9 |
||
phplist phplist |
||
phplist phplist 2.10.17 |
||
phplist phplist 2.10.2 |
||
phplist phplist 2.10.1 |
||
phplist phplist 2.8.12 |
||
phplist phplist 2.8.7 |
||
phplist phplist 2.10.15 |
||
phplist phplist 2.10.13 |
||
phplist phplist 2.10.8 |
||
phplist phplist 2.10.5 |
||
phplist phplist 2.10.3 |
||
phplist phplist 2.8.2 |
||
phplist phplist 2.7.1 |
Vulmon