Vulnerabilities > Phplist > Phplist > 2.10.10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-09-06 | CVE-2012-2741 | Cross-Site Scripting vulnerability in PHPlist Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action. | 4.3 |
2012-09-06 | CVE-2012-2740 | SQL Injection vulnerability in PHPlist SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action. | 7.5 |
2012-08-12 | CVE-2012-4247 | Cross-Site Scripting vulnerability in PHPlist Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page. | 4.3 |
2012-08-12 | CVE-2012-4246 | Cross-Site Scripting vulnerability in PHPlist Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page. | 4.3 |
2012-08-12 | CVE-2012-3953 | SQL Injection vulnerability in PHPlist SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page. | 7.5 |
2012-08-12 | CVE-2012-3952 | Cross-Site Scripting vulnerability in PHPlist Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page. | 2.6 |