CVE-2012-2741

phpList <2.10.18 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action.

Exploits (1)

exploitdb WRITEUP VERIFIED

by LiquidWorm · textwebappsphp

https://www.exploit-db.com/exploits/18639

View Code ZIP pw:eip

References (8)

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1027181

[Exploit] http://www.exploit-db.com/exploits/18639

[Exploit] http://www.securityfocus.com/bid/52657

[Various Sources] https://mantis.phplist.com/view.php?id=16557

[Patch, Vendor Advisory] https://www.phplist.com/?lid=567

[Mailing List] http://www.openwall.com/lists/oss-security/2012/06/16/1

[Mailing List] http://www.openwall.com/lists/oss-security/2012/06/17/2

[Third Party Advisory] http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5081.php

Scores

EPSS 0.1132

EPSS Percentile 93.5%

Classification

CWE

CWE-79

Status published

Affected Products (17)

phplist/phplist

phplist/phplist < 2.10.17

phplist/phplist

... and 2 more

Timeline

Published Sep 06, 2012

Tracked Since Feb 18, 2026