CVE-2012-4247

EUVD-2012-4191
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
phplistphplist
𝑥
≤ 2.10.18
phplistphplist
2.6.5
phplistphplist
2.7.1
phplistphplist
2.7.2
phplistphplist
2.8.2
phplistphplist
2.8.7
phplistphplist
2.8.12
phplistphplist
2.10.1
phplistphplist
2.10.2
phplistphplist
2.10.3
phplistphplist
2.10.4
phplistphplist
2.10.5
phplistphplist
2.10.7
phplistphplist
2.10.8
phplistphplist
2.10.9
phplistphplist
2.10.10
phplistphplist
2.10.11
phplistphplist
2.10.12
phplistphplist
2.10.13
phplistphplist
2.10.14
phplistphplist
2.10.15
phplistphplist
2.10.16
phplistphplist
2.10.17
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.phplist.com/?lid=579
https://www.httpcs.com/advisories
https://www.httpcs.com/advisory/httpcs1
https://www.httpcs.com/advisory/httpcs2
https://www.httpcs.com/advisory/httpcs3
https://www.httpcs.com/advisory/httpcs4
https://www.httpcs.com/advisory/httpcs6
https://www.httpcs.com/advisory/httpcs7
http://www.phplist.com/?lid=579
https://www.httpcs.com/advisories
https://www.httpcs.com/advisory/httpcs1
https://www.httpcs.com/advisory/httpcs2
https://www.httpcs.com/advisory/httpcs3
https://www.httpcs.com/advisory/httpcs4
https://www.httpcs.com/advisory/httpcs6
https://www.httpcs.com/advisory/httpcs7