Description

Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.

Remediation

References

CVE-2012-3952

Related Vulnerabilities

Jenkins Integer Overflow or Wraparound Vulnerability (CVE-2023-36478)

WordPress Plugin Manual Image Crop Cross-Site Scripting (1.10)

XOOPS Other Vulnerability (CVE-2007-0377)

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1253)

GlassFish Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3250)

Severity

Low

Classification

CVE-2012-3952 CWE-707

Tags

Missing Update Known Vulnerabilities