CVE-2025-28074 Information
May 09, 2025
Description
phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.
Reference
https://github.com/mLniumm/CVE-2025-28074
https://github.com/phpList/phplist3/blob/main/public_html/lists/lt.php