Description

Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.

Remediation

References

CVE-2012-3952

Related Vulnerabilities

WordPress Plugin Hotjar Connecticator Cross-Site Scripting (1.1.1)

WordPress Plugin WordPress Simple Shopping Cart Cross-Site Request Forgery (3.5)

WordPress Plugin Responsive WordPress Timeline-Everest Timeline Lite includes Backdoor [Only if downloaded via the vendor website] (1.1.1)

Joomla! Core Multiple Cross-Site Scripting Vulnerabilities (2.5.0 - 3.9.1)

MODX Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-1010123)

Severity

Low

Classification

CVE-2012-3952 CWE-707

Tags

Missing Update Known Vulnerabilities