CVE-2012-4246

Phplist < 2.10.18 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page.

Exploits (1)

exploitdb WORKING POC

htmlwebappsphp

https://www.exploit-db.com/exploits/18419

View on exploitdb

References (6)

[Exploit, Patch] http://www.phplist.com/?lid=579

[Exploit] https://www.httpcs.com/advisories

[Exploit] https://www.httpcs.com/advisory/httpcs23

[Exploit] https://www.httpcs.com/advisory/httpcs24

[Vendor Advisory] https://www.httpcs.com/advisory/httpcs25

[Vendor Advisory] https://www.httpcs.com/advisory/httpcs26

Scores

EPSS 0.0567

EPSS Percentile 90.2%

Classification

CWE

CWE-79

Status draft

Affected Products (23)

phplist/phplist < 2.10.18

phplist/phplist

phplist/phplist

phplist/phplist

phplist/phplist

phplist/phplist

phplist/phplist

phplist/phplist

phplist/phplist

phplist/phplist

phplist/phplist

phplist/phplist

phplist/phplist

phplist/phplist

phplist/phplist

... and 8 more

Timeline

Published Aug 12, 2012

Tracked Since Feb 18, 2026