Description

A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send\'\";><script>alert(8)</script> leads to cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.

Remediation

References

CVE-2017-20033

Related Vulnerabilities

WordPress Plugin WP Mail Logging Cross-Site Scripting (1.8.2)

ownCloud Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-2051)

Lighttpd Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-4727)

e107 Other Vulnerability (CVE-2010-2098)

WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.16.65)

Severity

Medium

Classification

CVE-2017-20033 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities