Vulnerabilities > CVE-2005-3556 - Unspecified vulnerability in Tincan PHPlist

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
tincan
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title parameter in (b) admin/spageedit.php, (3) title field in (c) admin/template.php, (4) filter, (5) delete, and (6) start parameters in (d) admin/eventlog.php, (7) id parameter in (e) admin/configure.php, (8) find parameter in (f) admin/users.php, (9) start parameter in (g) admin/admin.php, and (10) action parameter in (h) admin/fckphplist.php.

Exploit-Db

  • descriptionPHPList Mailing List Manager 2.x /admin/eventlog.php Multiple Parameter XSS. CVE-2005-3556. Webapps exploit for php platform
    idEDB-ID:26483
    last seen2016-02-03
    modified2005-11-07
    published2005-11-07
    reporterTobias Klein
    sourcehttps://www.exploit-db.com/download/26483/
    titlePHPList Mailing List Manager 2.x /admin/eventlog.php Multiple Parameter XSS
  • descriptionPHPList Mailing List Manager 2.x /admin/users.php find Parameter XSS. CVE-2005-3556. Webapps exploit for php platform
    idEDB-ID:26485
    last seen2016-02-03
    modified2005-11-07
    published2005-11-07
    reporterTobias Klein
    sourcehttps://www.exploit-db.com/download/26485/
    titlePHPList Mailing List Manager 2.x /admin/users.php find Parameter XSS
  • descriptionPHPList Mailing List Manager 2.x /admin/configure.php id Parameter XSS. CVE-2005-3556. Webapps exploit for php platform
    idEDB-ID:26484
    last seen2016-02-03
    modified2005-11-07
    published2005-11-07
    reporterTobias Klein
    sourcehttps://www.exploit-db.com/download/26484/
    titlePHPList Mailing List Manager 2.x /admin/configure.php id Parameter XSS