Description
Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.
Remediation
References
Related Vulnerabilities
PHP Use After Free Vulnerability (CVE-2016-5773)
WebLogic CVE-2016-5535 Vulnerability (CVE-2016-5535)
OpenSSL Resource Management Errors Vulnerability (CVE-2014-3507)
WordPress Plugin Dynamic Widgets 'id' Parameter Cross-Site Scripting (1.5.1)
WordPress Plugin PDW Media File Browser 'upload.php' Arbitrary File Upload (1.1)