CVE-2012-4247
Phplist < 2.10.18 - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page.
Exploits (1)
References (8)
Scores
EPSS
0.0511
EPSS Percentile
89.9%
Details
CWE
CWE-79
Status
published
Products (23)
phplist/phplist
2.6.5
phplist/phplist
2.7.1
phplist/phplist
2.7.2
phplist/phplist
2.8.2
phplist/phplist
2.8.7
phplist/phplist
2.8.12
phplist/phplist
2.10.1
phplist/phplist
2.10.2
phplist/phplist
2.10.3
phplist/phplist
2.10.4
... and 13 more
Published
Aug 12, 2012
Tracked Since
Feb 18, 2026