Description

Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page.

Remediation

References

CVE-2012-4246

Related Vulnerabilities

Python Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2014-2667)

Oracle Application Server CVE-2008-7234 Vulnerability (CVE-2008-7234)

OpenSSL Numeric Errors Vulnerability (CVE-2007-4995)

WordPress Plugin WP Domain Redirect SQL Injection (1.0)

Oracle Database Server CVE-2011-0822 Vulnerability (CVE-2011-0822)

Severity

Medium

Classification

CVE-2012-4246 CWE-707

Tags

Missing Update Known Vulnerabilities