CVE-2005-3556 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title parameter in (b) admin/spageedit.php, (3) title field in (c) admin/template.php, (4) filter, (5) delete, and (6) start parameters in (d) admin/eventlog.php, (7) id parameter in (e) admin/configure.php, (8) find parameter in (f) admin/users.php, (9) start parameter in (g) admin/admin.php, and (10) action parameter in (h) admin/fckphplist.php.

Reference

http://osvdb.org/20570
http://osvdb.org/20571
http://osvdb.org/20572
http://osvdb.org/20573
http://osvdb.org/20574
http://osvdb.org/20575
http://osvdb.org/20576
http://secunia.com/advisories/17476
http://www.securityfocus.com/archive/1/416005/30/0/threaded
http://www.securityfocus.com/bid/15350
http://www.trapkit.de/advisories/TKADV2005-11-001.txt
http://www.vupen.com/english/advisories/2005/2345
