Vulnerabilities > CVE-2005-3556 - Input Validation vulnerability in PHPList

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

tincan

exploit available

NVD

Published: 2005-11-16

Updated: 2018-10-19

Summary

Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title parameter in (b) admin/spageedit.php, (3) title field in (c) admin/template.php, (4) filter, (5) delete, and (6) start parameters in (d) admin/eventlog.php, (7) id parameter in (e) admin/configure.php, (8) find parameter in (f) admin/users.php, (9) start parameter in (g) admin/admin.php, and (10) action parameter in (h) admin/fckphplist.php.

Vulnerable Configurations

Part	Description	Count
Application	Tincan Tincan Phplist 1.0 Tincan Phplist 1.0.1 Tincan Phplist 1.1.2B Tincan Phplist 1.1.3B Tincan Phplist 1.1.4B Tincan Phplist 1.1.5 Tincan Phplist 1.1.5B Tincan Phplist 1.1.6 Tincan Phplist 1.1.7 Tincan Phplist 1.3.5 Tincan Phplist 1.3.7 Tincan Phplist 1.4.1 Tincan Phplist 1.5.0 Tincan Phplist 1.5.1 Tincan Phplist 1.6.0 Tincan Phplist 1.6.1 Tincan Phplist 1.6.3 Tincan Phplist 1.6.4 Tincan Phplist 1.7.0 Tincan Phplist 1.7.1 Tincan Phplist 1.8.0 Tincan Phplist 1.9.0 Tincan Phplist 1.9.1 Tincan Phplist 1.9.2 Tincan Phplist 1.9.3 Tincan Phplist 2.1.0 Tincan Phplist 2.1.1 Tincan Phplist 2.1.3 Tincan Phplist 2.1.4 Tincan Phplist 2.2.0 Tincan Phplist 2.2.1 Tincan Phplist 2.3.0 Tincan Phplist 2.3.1 Tincan Phplist 2.3.2 Tincan Phplist 2.3.3 Tincan Phplist 2.3.4 Tincan Phplist 2.4.0 Tincan Phplist 2.4.7 Tincan Phplist 2.5.0 Tincan Phplist 2.5.1 Tincan Phplist 2.5.2 Tincan Phplist 2.5.3 Tincan Phplist 2.5.4 Tincan Phplist 2.5.5 Tincan Phplist 2.5.6 Tincan Phplist 2.5.7 Tincan Phplist 2.5.8 Tincan Phplist 2.6 Tincan Phplist 2.6.0 Tincan Phplist 2.6.1 Tincan Phplist 2.6.2 Tincan Phplist 2.6.3 Tincan Phplist 2.6.4 Tincan Phplist 2.6.5 Tincan Phplist 2.7.1 Tincan Phplist 2.7.2 Tincan Phplist 2.8.2 Tincan Phplist 2.8.7 Tincan Phplist 2.8.12 Tincan Phplist 2.9.3 Tincan Phplist 2.9.4 Tincan Phplist 2.9.5 Tincan Phplist 2.10.1	63

Exploit-Db

description	PHPList Mailing List Manager 2.x /admin/eventlog.php Multiple Parameter XSS. CVE-2005-3556. Webapps exploit for php platform
id	EDB-ID:26483
last seen	2016-02-03
modified	2005-11-07
published	2005-11-07
reporter	Tobias Klein
source	https://www.exploit-db.com/download/26483/
title	PHPList Mailing List Manager 2.x /admin/eventlog.php Multiple Parameter XSS

description	PHPList Mailing List Manager 2.x /admin/users.php find Parameter XSS. CVE-2005-3556. Webapps exploit for php platform
id	EDB-ID:26485
last seen	2016-02-03
modified	2005-11-07
published	2005-11-07
reporter	Tobias Klein
source	https://www.exploit-db.com/download/26485/
title	PHPList Mailing List Manager 2.x /admin/users.php find Parameter XSS

description	PHPList Mailing List Manager 2.x /admin/configure.php id Parameter XSS. CVE-2005-3556. Webapps exploit for php platform
id	EDB-ID:26484
last seen	2016-02-03
modified	2005-11-07
published	2005-11-07
reporter	Tobias Klein
source	https://www.exploit-db.com/download/26484/
title	PHPList Mailing List Manager 2.x /admin/configure.php id Parameter XSS

Summary

Vulnerable Configurations

Exploit-Db

References