CVSS: 4.3EPSS: 0%CPEs: 81EXPL: 2CVE-2012-5228 – phpList 2.10.9 - Cross-Site Request Forgery / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-5228
Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en admin/index.php en phplist v2.10.9, v2.10.17, y posiblemente otras versiones anteriores a v2.10.19, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro testtarget. NOTA: algunos de estos detalles se han obtenido de terceros. • https://www.exploit-db.com/exploits/18419 http://osvdb.org/78548 http://secunia.com/advisories/47727 http://www.exploit-db.com/exploits/18419 http://www.securityfocus.com/bid/51681 https://exchange.xforce.ibmcloud.com/vulnerabilities/72747 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 3CVE-2012-2740 – phpList 2.10.17 - SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2740
SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action. Vulnerabilidad de inyección SQL en public_html/lists/admin en phpList anterior a v2.10.18, permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro SortBy en una acción de encontrar. • https://www.exploit-db.com/exploits/18639 http://securitytracker.com/id?1027181 http://www.exploit-db.com/exploits/18639 http://www.openwall.com/lists/oss-security/2012/06/16/1 http://www.openwall.com/lists/oss-security/2012/06/17/2 http://www.securityfocus.com/bid/52657 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5081.php https://mantis.phplist.com/view.php?id=16557 https://www.phplist.com/?lid=567 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 3CVE-2012-2741 – phpList 2.10.17 - SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2741
Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en public_html/lists/admin/ en phpList anterior a v2.10.18, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro num en una acción reconcileusers • https://www.exploit-db.com/exploits/18639 http://securitytracker.com/id?1027181 http://www.exploit-db.com/exploits/18639 http://www.openwall.com/lists/oss-security/2012/06/16/1 http://www.openwall.com/lists/oss-security/2012/06/17/2 http://www.securityfocus.com/bid/52657 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5081.php https://mantis.phplist.com/view.php?id=16557 https://www.phplist.com/?lid=567 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 5CVE-2012-4246 – phpList 2.10.9 - Cross-Site Request Forgery / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4246
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en lists/admin/index.php en phpList anterior a v2.10.19, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro (1) page o (2) footer, (3) status, o (4) testtarget en la página send. • https://www.exploit-db.com/exploits/18419 http://www.phplist.com/?lid=579 https://www.httpcs.com/advisories https://www.httpcs.com/advisory/httpcs23 https://www.httpcs.com/advisory/httpcs24 https://www.httpcs.com/advisory/httpcs25 https://www.httpcs.com/advisory/httpcs26 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 1CVE-2012-4247 – phpList 2.10.9 - Cross-Site Request Forgery / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4247
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en lists/admin/index.php en phpList anterior a v2.10.19, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, o (5) remote_prefix para la página import4; o (6) parámetro id para la página bouncerule. • https://www.exploit-db.com/exploits/18419 http://www.phplist.com/?lid=579 https://www.httpcs.com/advisories https://www.httpcs.com/advisory/httpcs1 https://www.httpcs.com/advisory/httpcs2 https://www.httpcs.com/advisory/httpcs3 https://www.httpcs.com/advisory/httpcs4 https://www.httpcs.com/advisory/httpcs6 https://www.httpcs.com/advisory/httpcs7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •