Description
phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.
Remediation
References