CVE-2012-3952
Phplist < 2.10.18 - XSS
Title source: ruleDescription
Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/37590
References (7)
Scores
EPSS
0.0661
EPSS Percentile
91.1%
Classification
CWE
CWE-79
Status
published
Affected Products (24)
phplist/phplist
< 2.10.18
phplist/phplist
phplist/phplist
phplist/phplist
phplist/phplist
phplist/phplist
phplist/phplist
phplist/phplist
phplist/phplist
phplist/phplist
phplist/phplist
phplist/phplist
phplist/phplist
phplist/phplist
phplist/phplist
... and 9 more
Timeline
Published
Aug 12, 2012
Tracked Since
Feb 18, 2026