PHPlist /admin/configure.php id Variable XSS

2005-11-07T11:27:18
ID OSVDB:20574
Type osvdb
Reporter Tobias Klein(tk@trapkit.de)
Modified 2005-11-07T11:27:18

Description

Vulnerability Description

PHPlist contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the '/admin/configure.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 2.10.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

PHPlist contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the '/admin/configure.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

References:

Vendor URL: http://www.phplist.com/ Vendor Specific News/Changelog Entry: http://www.phplist.com/files/changelog Vendor Specific Advisory URL Secunia Advisory ID:17476 Related OSVDB ID: 20564 Related OSVDB ID: 20569 Related OSVDB ID: 20573 Related OSVDB ID: 20575 Related OSVDB ID: 20565 Related OSVDB ID: 20566 Related OSVDB ID: 20567 Related OSVDB ID: 20576 Related OSVDB ID: 20568 Related OSVDB ID: 20570 Related OSVDB ID: 20571 Related OSVDB ID: 20572 Other Advisory URL: http://www.trapkit.de/advisories/TKADV2005-11-001.txt Nessus Plugin ID:19313 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0164.html FrSIRT Advisory: ADV-2005-2345 CVE-2005-3556 Bugtraq ID: 15350