CVE-2017-20033

Опубликовано: 10 июн. 2022

Источник: nvd

CVSS3: 4.3

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send'";> leads to cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.

Ссылки

http://seclists.org/fulldisclosure/2017/Mar/46
Exploit
Mailing List
Third Party Advisory
https://vuldb.com/?id.98919
Third Party Advisory
http://seclists.org/fulldisclosure/2017/Mar/46
Exploit
Mailing List
Third Party Advisory
https://vuldb.com/?id.98919
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phplist:phplist:3.2.6:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.0024

Низкий

4.3 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-80

CWE-79

Связанные уязвимости

CVE-2017-20033

CVSS3: 4.3

debian

больше 3 лет назад

A vulnerability classified as problematic has been found in PHPList 3. ...

GHSA-jff2-f2xp-77cm

CVSS3: 6.1

github

больше 3 лет назад

A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send\'\";><script>alert(8)</script> leads to cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.

EPSS

Процентиль: 47%

0.0024

Низкий

4.3 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-80

CWE-79