Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Phplist
  • Phplist

Configuration 1 [-]

OR cpe:2.3:a:phplist:phplist:*:*:*:*:*:*:*:*
cpe:2.3:a:phplist:phplist:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:phplist:phplist:2.10.2:*:*:*:*:*:*:*
cpe:2.3:a:phplist:phplist:2.10.3:*:*:*:*:*:*:*
cpe:2.3:a:phplist:phplist:2.10.4:*:*:*:*:*:*:*
cpe:2.3:a:phplist:phplist:2.10.5:*:*:*:*:*:*:*
cpe:2.3:a:phplist:phplist:2.10.7:*:*:*:*:*:*:*
cpe:2.3:a:phplist:phplist:2.10.8:*:*:*:*:*:*:*
cpe:2.3:a:phplist:phplist:2.10.9:*:*:*:*:*:*:*
cpe:2.3:a:phplist:phplist:2.10.10:*:*:*:*:*:*:*
cpe:2.3:a:phplist:phplist:2.10.11:*:*:*:*:*:*:*
cpe:2.3:a:phplist:phplist:2.10.12:*:*:*:*:*:*:*
cpe:2.3:a:phplist:phplist:2.10.13:*:*:*:*:*:*:*
cpe:2.3:a:phplist:phplist:2.10.14:*:*:*:*:*:*:*
cpe:2.3:a:phplist:phplist:2.10.15:*:*:*:*:*:*:*
cpe:2.3:a:phplist:phplist:2.10.16:*:*:*:*:*:*:*

No data.

References
Link Providers
http://securitytracker.com/id?1027181 cve-icon cve-icon
http://www.exploit-db.com/exploits/18639 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2012/06/16/1 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2012/06/17/2 cve-icon cve-icon
http://www.securityfocus.com/bid/52657 cve-icon cve-icon
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5081.php cve-icon cve-icon
https://mantis.phplist.com/view.php?id=16557 cve-icon cve-icon
https://www.phplist.com/?lid=567 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-09-06T17:00:00Z

Updated: 2024-09-16T20:06:26.952Z

Reserved: 2012-05-14T00:00:00Z

Link: CVE-2012-2741

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-09-06T17:55:01.440

Modified: 2024-11-21T01:39:32.907

Link: CVE-2012-2741

cve-icon Redhat

No data.