Lucene search

[email protected]CVE-2012-5228

HistoryOct 01, 2012 - 8:55 p.m.

CVE-2012-5228

2012-10-0120:55:04

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-5228

xss

admin/index.php

phplist

web script injection

html injection

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.9%

JSON

Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

tincanphplistRange≤2.10.18

tincanphplistMatch1.0

tincanphplistMatch1.0.1

tincanphplistMatch1.1.2b

tincanphplistMatch1.1.3b

tincanphplistMatch1.1.4b

tincanphplistMatch1.1.5

tincanphplistMatch1.1.5b

tincanphplistMatch1.1.6

tincanphplistMatch1.1.7

tincanphplistMatch1.3.5

tincanphplistMatch1.3.7

tincanphplistMatch1.4.1

tincanphplistMatch1.5.0

tincanphplistMatch1.5.1

tincanphplistMatch1.6.0

tincanphplistMatch1.6.1

tincanphplistMatch1.6.3

tincanphplistMatch1.6.4

tincanphplistMatch1.7.0

tincanphplistMatch1.7.1

tincanphplistMatch1.8.0

tincanphplistMatch1.9.0

tincanphplistMatch1.9.1

tincanphplistMatch1.9.2

tincanphplistMatch1.9.3

tincanphplistMatch2.1.0

tincanphplistMatch2.1.1

tincanphplistMatch2.1.3

tincanphplistMatch2.1.4

tincanphplistMatch2.2.0

tincanphplistMatch2.2.1

tincanphplistMatch2.3.0

tincanphplistMatch2.3.1

tincanphplistMatch2.3.2

tincanphplistMatch2.3.3

tincanphplistMatch2.3.4

tincanphplistMatch2.4.0

tincanphplistMatch2.4.7

tincanphplistMatch2.5.0

tincanphplistMatch2.5.1

tincanphplistMatch2.5.2

tincanphplistMatch2.5.3

tincanphplistMatch2.5.4

tincanphplistMatch2.5.5

tincanphplistMatch2.5.6

tincanphplistMatch2.5.7

tincanphplistMatch2.5.8

tincanphplistMatch2.6

tincanphplistMatch2.6.0

tincanphplistMatch2.6.1

tincanphplistMatch2.6.2

tincanphplistMatch2.6.3

tincanphplistMatch2.6.4

tincanphplistMatch2.6.5

tincanphplistMatch2.7.1

tincanphplistMatch2.7.2

tincanphplistMatch2.8.2

tincanphplistMatch2.8.7

tincanphplistMatch2.8.12

tincanphplistMatch2.9.3

tincanphplistMatch2.9.4

tincanphplistMatch2.9.5

tincanphplistMatch2.10.1

tincanphplistMatch2.10.2

tincanphplistMatch2.10.3

tincanphplistMatch2.10.4

tincanphplistMatch2.10.5

tincanphplistMatch2.10.6

tincanphplistMatch2.10.7

tincanphplistMatch2.10.8

tincanphplistMatch2.10.9

tincanphplistMatch2.10.10

tincanphplistMatch2.10.11

tincanphplistMatch2.10.12

tincanphplistMatch2.10.13

tincanphplistMatch2.10.14

tincanphplistMatch2.10.15

tincanphplistMatch2.10.16

tincanphplistMatch2.10.17

tincanphplistMatch2.10.19

CPENameOperatorVersion
tincan:phplisttincan phplistle2.10.18
tincan:phplisttincan phplisteq1.0
tincan:phplisttincan phplisteq1.0.1
tincan:phplisttincan phplisteq1.1.2b
tincan:phplisttincan phplisteq1.1.3b
tincan:phplisttincan phplisteq1.1.4b
tincan:phplisttincan phplisteq1.1.5
tincan:phplisttincan phplisteq1.1.5b
tincan:phplisttincan phplisteq1.1.6
tincan:phplisttincan phplisteq1.1.7

CPE	Name	Operator	Version
tincan:phplist	tincan phplist	le	2.10.18
tincan:phplist	tincan phplist	eq	1.0
tincan:phplist	tincan phplist	eq	1.0.1
tincan:phplist	tincan phplist	eq	1.1.2b
tincan:phplist	tincan phplist	eq	1.1.3b
tincan:phplist	tincan phplist	eq	1.1.4b
tincan:phplist	tincan phplist	eq	1.1.5
tincan:phplist	tincan phplist	eq	1.1.5b
tincan:phplist	tincan phplist	eq	1.1.6
tincan:phplist	tincan phplist	eq	1.1.7

Rows per page:

1-10 of 811

References

osvdb.org/78548

secunia.com/advisories/47727

www.exploit-db.com/exploits/18419

www.securityfocus.com/bid/51681

exchange.xforce.ibmcloud.com/vulnerabilities/72747

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.9%

JSON

Related for CVE-2012-5228

cvelist1 nvd1 prion1