Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-2741
Last Modified: 13 Sep 2012 12:00:00
Published: 06 Sep 2012 01:55:01
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-2741

Summary

Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action.

Vulnerable Systems

Application

  • Phplist 2.10.1

  • Phplist 2.10.10

  • Phplist 2.10.11

  • Phplist 2.10.12

  • Phplist 2.10.13

  • Phplist 2.10.14

  • Phplist 2.10.15

  • Phplist 2.10.16

  • Phplist 2.10.17

  • Phplist 2.10.2

  • Phplist 2.10.3

  • Phplist 2.10.4

  • Phplist 2.10.5

  • Phplist 2.10.7

  • Phplist 2.10.8

  • Phplist 2.10.9


References

CONFIRM - https://www.phplist.com/?lid=567

MISC - https://mantis.phplist.com/view.php?id=16557

MISC - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5081.php

BID - 52657

MLIST - [oss-security] 20120616 Re: CVE request: phplist before 2.10.18 XSS and sql injection

MLIST - [oss-security] 20120616 CVE request: phplist before 2.10.18 XSS and sql injection

EXPLOIT-DB - 18639

SECTRACK - 1027181


Last Updated: 27 May 2016 11:00:28