Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phplist | Tincan | * | 2.10.2 (including) |
Phplist | Tincan | 2.6 (including) | 2.6 (including) |
Phplist | Tincan | 2.6.1 (including) | 2.6.1 (including) |
Phplist | Tincan | 2.6.2 (including) | 2.6.2 (including) |
Phplist | Tincan | 2.6.3 (including) | 2.6.3 (including) |
Phplist | Tincan | 2.6.4 (including) | 2.6.4 (including) |
Phplist | Tincan | 2.8.12 (including) | 2.8.12 (including) |
Phplist | Tincan | 2.10.1 (including) | 2.10.1 (including) |