Lucene search

[email protected]NVD:CVE-2012-2741

HistorySep 06, 2012 - 5:55 p.m.

CVE-2012-2741

2012-09-0617:55:01

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.7%

JSON

Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action.

Affected configurations

NVD

Node

phplistphplistRange≤2.10.17

phplistphplistMatch2.10.1

phplistphplistMatch2.10.2

phplistphplistMatch2.10.3

phplistphplistMatch2.10.4

phplistphplistMatch2.10.5

phplistphplistMatch2.10.7

phplistphplistMatch2.10.8

phplistphplistMatch2.10.9

phplistphplistMatch2.10.10

phplistphplistMatch2.10.11

phplistphplistMatch2.10.12

phplistphplistMatch2.10.13

phplistphplistMatch2.10.14

phplistphplistMatch2.10.15

phplistphplistMatch2.10.16

References

securitytracker.com/id?1027181

www.exploit-db.com/exploits/18639

www.openwall.com/lists/oss-security/2012/06/16/1

www.openwall.com/lists/oss-security/2012/06/17/2

www.securityfocus.com/bid/52657

www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5081.php

mantis.phplist.com/view.php?id=16557

www.phplist.com/?lid=567

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.7%

JSON

Related for NVD:CVE-2012-2741

cvelist1 prion1 cve1 openvas2 nessus1 zeroscience1 freebsd1