CVE-2012-4246

Phplist < 2.10.18 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page.

Exploits (1)

exploitdb WORKING POC

htmlwebappsphp

https://www.exploit-db.com/exploits/18419

View Code ZIP pw:eip

References (6)

[Exploit, Patch] http://www.phplist.com/?lid=579

[Exploit] https://www.httpcs.com/advisories

[Exploit] https://www.httpcs.com/advisory/httpcs23

[Exploit] https://www.httpcs.com/advisory/httpcs24

[Vendor Advisory] https://www.httpcs.com/advisory/httpcs25

[Vendor Advisory] https://www.httpcs.com/advisory/httpcs26

Scores

EPSS 0.0714

EPSS Percentile 91.6%

Details

CWE

CWE-79

Status published

Products (23)

phplist/phplist 2.6.5

phplist/phplist 2.7.1

phplist/phplist 2.7.2

phplist/phplist 2.8.2

phplist/phplist 2.8.7

phplist/phplist 2.8.12

phplist/phplist 2.10.1

phplist/phplist 2.10.2

phplist/phplist 2.10.3

phplist/phplist 2.10.4

... and 13 more

Published Aug 12, 2012

Tracked Since Feb 18, 2026