Vulnerabilities > Phplist > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-08-12 | CVE-2012-4247 | Cross-Site Scripting vulnerability in PHPlist Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page. | 4.3 |
| 2012-08-12 | CVE-2012-4246 | Cross-Site Scripting vulnerability in PHPlist Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page. | 4.3 |
| 2006-10-26 | CVE-2006-5524 | Unspecified vulnerability in PHPlist 2.10.2 Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. network phplist | 6.8 |
| 2004-12-31 | CVE-2004-2744 | Remote Security vulnerability in Mailing List Manager Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vectors, related to a "security update release." | 5.0 |