Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4247)

Description

Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page.

Remediation

References

Related Vulnerabilities

WordPress Plugin WP-Live Chat by 3CX Cross-Site Scripting (8.0.05)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9406)

WordPress Plugin Better WordPress reCAPTCHA (with no CAPTCHA reCAPTCHA) Cross-Site Scripting (2.0.3)

WordPress Plugin WP Favorite Posts Cross-Site Scripting (1.6.5)

Oracle Application Server CVE-2008-5438 Vulnerability (CVE-2008-5438)

Severity

Medium

Classification

CVE-2012-4247 CWE-707

Tags

Missing Update Known Vulnerabilities