new version of phplist fix XSS vulnerability

2006.10.17

Credit: Michiel Dethmers

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-5294

CWE: CWE-79

Ogólna skala CVSS: 4.3/10

Znaczenie: 2.9/10

Łatwość wykorzystania: 8.6/10

Wymagany dostęp: Zdalny

Złożoność ataku: Średnia

Autoryzacja: Nie wymagana

Wpływ na poufność: Brak

Wpływ na integralność: Częściowy

Wpływ na dostępność: Brak

phplist, http://www.phplist.com is a popular open source newsletter application written in PHP.

An XSS vulnerability has been found, in the public pages of the application.
This issue has been addressed in the latest release 2.10.3, available from www.phplist.com

Versions affected: any version up to 2.10.2

Credits: MustLive, Administrator of Websecurity web site, http://websecurity.com.ua 
discovered the vulnerability and contacted the vendor

more information at http://websecurity.com.ua/267/

This release also includes the documented fixes for the local file 
include vulnerability http://www.securityfocus.com/bid/17429

Michiel Dethmers

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

new version of phplist fix XSS vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.