Vulnerability Details CVE-2012-3952
Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.066
EPSS Ranking 90.7%
CVSS Severity
CVSS v2 Score 2.6
References
- http://archives.neohapsis.com/archives/bugtraq/2012-08/0059.html
- http://osvdb.org/84482
- http://secunia.com/advisories/50150
- http://www.phplist.com/?lid=579
- http://www.securityfocus.com/bid/54887
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77526
- https://www.htbridge.com/advisory/HTB23100
- http://archives.neohapsis.com/archives/bugtraq/2012-08/0059.html
- http://osvdb.org/84482
- http://secunia.com/advisories/50150
- http://www.phplist.com/?lid=579
- http://www.securityfocus.com/bid/54887
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77526
- https://www.htbridge.com/advisory/HTB23100
Products affected by CVE-2012-3952
-
cpe:2.3:a:phplist:phplist:2.10.1
-
cpe:2.3:a:phplist:phplist:2.10.10
-
cpe:2.3:a:phplist:phplist:2.10.11
-
cpe:2.3:a:phplist:phplist:2.10.12
-
cpe:2.3:a:phplist:phplist:2.10.13
-
cpe:2.3:a:phplist:phplist:2.10.14
-
cpe:2.3:a:phplist:phplist:2.10.15
-
cpe:2.3:a:phplist:phplist:2.10.16
-
cpe:2.3:a:phplist:phplist:2.10.17
-
cpe:2.3:a:phplist:phplist:2.10.18
-
cpe:2.3:a:phplist:phplist:2.10.2
-
cpe:2.3:a:phplist:phplist:2.10.3
-
cpe:2.3:a:phplist:phplist:2.10.4
-
cpe:2.3:a:phplist:phplist:2.10.5
-
cpe:2.3:a:phplist:phplist:2.10.7
-
cpe:2.3:a:phplist:phplist:2.10.8
-
cpe:2.3:a:phplist:phplist:2.10.9
-
cpe:2.3:a:phplist:phplist:2.6.5
-
cpe:2.3:a:phplist:phplist:2.7.1
-
cpe:2.3:a:phplist:phplist:2.7.2
-
cpe:2.3:a:phplist:phplist:2.8.12
-
cpe:2.3:a:phplist:phplist:2.8.2
-
cpe:2.3:a:phplist:phplist:2.8.7