Vulnerabilities > Tincan > Phplist > 2.10.12
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-10-01 | CVE-2012-5228 | Cross-Site Scripting vulnerability in Tincan PHPlist Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. | 4.3 |
| 2011-04-13 | CVE-2011-1682 | Cross-Site Request Forgery (CSRF) vulnerability in Tincan PHPlist Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. | 4.3 |
| 2011-04-13 | CVE-2011-0748 | Cross-Site Request Forgery (CSRF) vulnerability in Tincan PHPlist Multiple cross-site request forgery (CSRF) vulnerabilities in phpList before 2.10.13 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) edit administrator accounts. | 6.8 |