new version of phplist fix XSS vulnerability

2006.10.17

Credit: Michiel Dethmers

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-5294

CWE: CWE-79

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

phplist, http://www.phplist.com is a popular open source newsletter application written in PHP.

An XSS vulnerability has been found, in the public pages of the application.
This issue has been addressed in the latest release 2.10.3, available from www.phplist.com

Versions affected: any version up to 2.10.2

Credits: MustLive, Administrator of Websecurity web site, http://websecurity.com.ua 
discovered the vulnerability and contacted the vendor

more information at http://websecurity.com.ua/267/

This release also includes the documented fixes for the local file 
include vulnerability http://www.securityfocus.com/bid/17429

Michiel Dethmers

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

new version of phplist fix XSS vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.