CVE-2006-5294

Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter.

Score4.3
Access VectorNETWORK
Access ComplexityMEDIUM
AuthenticationNONE
Confidentiality ImpactNONE
Integrity ImpactPARTIAL
Availability ImpactNONE
Published2006-10-16 02:07:00.000-04
Last Modified2018-10-17 05:42:02.000-04

Vulnerable Software List

VendorProductVersions
Tincan Phplist 2.10.1, 2.10.2, 2.6, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.8.12

References

SourceLink
MISChttp://mantis.phplist.com/changelog_page.php
SREASON1728
MISChttp://tincan.co.uk/?lid=1821
MISChttp://websecurity.com.ua/267/
MISChttp://www.phplist.com/news
BUGTRAQ20061012 new version of phplist fix XSS vulnerability
BID20483
VUPENADV-2006-4027