CVE-2006-5294
phplist < 2.10.3 - Cross-Site Scripting via Unsubscribe Email Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-5294. PoCs published by Michiel Dethmers.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in phpList versions prior to 2.10.3. The vulnerability arises from improper sanitization of user-supplied input in the 'unsubscribeemail' parameter, allowing arbitrary script execution in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in phpList versions prior to 2.10.3. The vulnerability arises from improper sanitization of user-supplied input in the 'unsubscribeemail' parameter, allowing arbitrary script execution in the context of the affected site.