Description

Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.

Remediation

References

CVE-2012-3952

Related Vulnerabilities

OpenSSL Cryptographic Issues Vulnerability (CVE-2011-5095)

WordPress 3.8.4 Multiple Vulnerabilities (3.8 - 3.8.4)

Oracle Database Server CVE-2014-0377 Vulnerability (CVE-2014-0377)

Apache Tomcat Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2021-42340)

MySQL CVE-2022-21378 Vulnerability (CVE-2022-21378)

Severity

Low

Classification

CVE-2012-3952 CWE-707

Tags

Missing Update Known Vulnerabilities