Description

Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action.

Remediation

References

CVE-2012-2741

Related Vulnerabilities

WordPress Plugin LearnPress-WordPress LMS Cross-Site Scripting (4.1.6.5)

WordPress Plugin Ginger-EU Cookie Law Multiple Vulnerabilities (4.1.3)

WordPress Plugin Social Media Share Buttons & Social Sharing Icons Cross-Site Scripting (1.1.1.11)

WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (5.3.4)

WordPress Plugin Print-O-Matic Cross-Site Scripting (2.1.7)

Severity

Medium

Classification

CVE-2012-2741 CWE-707

Tags

Missing Update Known Vulnerabilities