Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-28074

Опубликовано: 08 мая 2025
Источник: debian
EPSS Низкий

Описание

phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
phplistitppackage

EPSS

Процентиль: 22%
0.00071
Низкий

Связанные уязвимости

nvd логотип

CVE-2025-28074

CVSS3: 6.1
nvd
9 месяцев назад

phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.

github логотип

GHSA-9vv2-f3c8-m9x6

CVSS3: 6.1
github
9 месяцев назад

phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.

EPSS

Процентиль: 22%
0.00071
Низкий