GHSA-9vv2-f3c8-m9x6

Опубликовано: 08 мая 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.

Ссылки

EPSS

Процентиль: 22%

0.00071

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2025-28074

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-28074

CVSS3: 6.1

nvd

9 месяцев назад

phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.

CVE-2025-28074

CVSS3: 6.1

debian

9 месяцев назад

phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due ...

EPSS

Процентиль: 22%

0.00071

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2025-28074

Дефекты

CWE-79