Lucene search
High-Tech Bridge SAEDB-ID:37590HistoryAug 08, 2012 - 12:00 a.m.
phpList 2.10.18 - 'unconfirmed' Cross-Site Scripting
2012-08-0800:00:00
High-Tech Bridge SA
www.exploit-db.com
15
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/54887/info
PHPList is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
PHPList 2.10.18 is vulnerable; other versions may also be affected.
http://www.example.com/admin/?page=user&find=1&unconfirmed=%22%3 %3Cscript%3Ealert%28document.cookie%29;%3C/s cript%3E Related
cvelist
cvelist
CVE-2012-3952
2012-08-12 00:00:00
cve
cve
CVE-2012-3952
2012-08-12 00:55:00
prion
prion
Cross site scripting
2012-08-12 00:55:00
nvd
nvd
CVE-2012-3952
2012-08-12 00:55:00
packetstorm
packetstorm
phpList 2.10.18 Cross Site Scripting / SQL Injection
2012-08-09 00:00:00
securityvulns
securityvulns
Multiple Vulnerabilities in phpList
2012-08-13 00:00:00
htbridge
htbridge
Multiple Vulnerabilities in phpList
2012-07-11 00:00:00
zdt
zdt
phpList 2.10.18 Cross Site Scripting / SQL Injection Vulnerability
2012-08-11 00:00:00