Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3556

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-3556
Last Modified 07 Mar 2011 09:26:46
Published 16 Nov 2005 02:42:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3556

Summary

Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title parameter in (b) admin/spageedit.php, (3) title field in (c) admin/template.php, (4) filter, (5) delete, and (6) start parameters in (d) admin/eventlog.php, (7) id parameter in (e) admin/configure.php, (8) find parameter in (f) admin/users.php, (9) start parameter in (g) admin/admin.php, and (10) action parameter in (h) admin/fckphplist.php.

Vulnerable Systems

Application

  • Tincan Phplist 2.10.1


References

MISC - http://www.trapkit.de/advisories/TKADV2005-11-001.txt

BUGTRAQ - 20051107 [TKADV2005-11-001] Multiple vulnerabilities in PHPlist

SECUNIA - 17476

VUPEN - ADV-2005-2345

BID - 15350

OSVDB - 20576

OSVDB - 20575

OSVDB - 20574

OSVDB - 20573

OSVDB - 20572

OSVDB - 20571

OSVDB - 20570


Last Updated: 27 May 2016 10:40:58