PHPList 3.2.6 /lists/admin/ page Reflected cross-site scripting

A vulnerability classified as problematic has been found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/. The manipulation of the argument page with the input send\'\";><script>alert(8)</script> leads to cross-site scripting (Reflected). Using CWE to declare the problem leads to CWE-80. The weakness was published on 03/17/2017 by Tim Coen with Curesec Research Team as phplist 3.2.6: XSS, as a Mailinglist Post (Full-Disclosure). The advisory is shared for download at seclists.org. This vulnerability is known as CVE-2017-20033. The attack can be initiated remotely. Technical details are available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k. It is declared as not defined. As a 0-day, the estimated underground price was around $0-$5k. It is recommended to upgrade the affected component. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

6 adaptations · 90 points

| Field | Update 1/5 (08/23/2020 09:49 AM) | Update 2/5 (06/05/2022 05:56 PM) | Update 3/5 (11/22/2022 11:29 AM) | Update 4/5 (11/22/2022 11:37 AM) | Update 5/5 (11/22/2022 11:44 AM) |
| --- | --- | --- | --- | --- | --- |
| cvss3_researcher_av | N | N | N | N | N |
| cvss3_researcher_ac | L | L | L | L | L |
| cvss3_researcher_pr | N | N | N | N | N |
| cvss3_researcher_ui | R | R | R | R | R |
| cvss3_researcher_s | C | C | C | C | C |
| cvss3_researcher_c | L | L | L | L | L |
| cvss3_researcher_i | L | L | L | L | L |
| cvss3_researcher_a | N | N | N | N | N |
| vulnerability_titleword | Reflected | Reflected | Reflected | Reflected | Reflected |
| advisory_date | 1489708800 (03/17/2017) | 1489708800 (03/17/2017) | 1489708800 (03/17/2017) | 1489708800 (03/17/2017) | 1489708800 (03/17/2017) |
| advisory_location | Full-Disclosure | Full-Disclosure | Full-Disclosure | Full-Disclosure | Full-Disclosure |
| advisory_type | Mailinglist Post | Mailinglist Post | Mailinglist Post | Mailinglist Post | Mailinglist Post |
| advisory_url | http://seclists.org/fulldisclosure/2017/Mar/46 | http://seclists.org/fulldisclosure/2017/Mar/46 | http://seclists.org/fulldisclosure/2017/Mar/46 | http://seclists.org/fulldisclosure/2017/Mar/46 | http://seclists.org/fulldisclosure/2017/Mar/46 |
| advisory_identifier | phplist 3.2.6: XSS | phplist 3.2.6: XSS | phplist 3.2.6: XSS | phplist 3.2.6: XSS | phplist 3.2.6: XSS |
| person_name | Tim Coen | Tim Coen | Tim Coen | Tim Coen | Tim Coen |
| company_name | Curesec Research Team | Curesec Research Team | Curesec Research Team | Curesec Research Team | Curesec Research Team |
| price_0day | $0-$5k | $0-$5k | $0-$5k | $0-$5k | $0-$5k |
| countermeasure_name | Upgrade | Upgrade | Upgrade | Upgrade | Upgrade |
| upgrade_version | 3.3.1 | 3.3.1 | 3.3.1 | 3.3.1 | 3.3.1 |
| source_seealso | 98920 98921 98922 | 98920 98921 98922 | 98920 98921 98922 | 98920 98921 98922 | 98920 98921 98922 |
| cvss2_vuldb_e | ND | ND | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF | OF | OF |
| cvss2_vuldb_rc | UR | UR | UR | UR | UR |
| cvss3_vuldb_e | X | X | X | X | X |
| cvss3_vuldb_rl | O | O | O | O | O |
| cvss3_vuldb_rc | R | R | R | R | R |
| cvss3_researcher_basescore | 6.1 | 6.1 | 6.1 | 6.1 | 6.1 |
| software_name | PHPList | PHPList | PHPList | PHPList | PHPList |
| software_version | 3.2.6 | 3.2.6 | 3.2.6 | 3.2.6 | 3.2.6 |
| software_file | /lists/admin/ | /lists/admin/ | /lists/admin/ | /lists/admin/ | /lists/admin/ |
| software_argument | page | page | page | page | page |
| input_value | send\'\";><script>alert(8)</script> | send\'\";><script>alert(8)</script> | send\'\";><script>alert(8)</script> | send\'\";><script>alert(8)</script> | send\'\";><script>alert(8)</script> |
| vulnerability_vendorinformdate | 1506816000 (10/01/2017) | 1506816000 (10/01/2017) | 1506816000 (10/01/2017) | 1506816000 (10/01/2017) | 1506816000 (10/01/2017) |
| vulnerability_risk | 1 | 1 | 1 | 1 | 1 |
| cvss2_vuldb_basescore | 4.3 | 4.3 | 4.3 | 4.3 | 4.3 |
| cvss2_vuldb_tempscore | 3.6 | 3.6 | 3.6 | 3.6 | 3.6 |
| cvss2_vuldb_av | N | N | N | N | N |
| cvss2_vuldb_ac | M | M | M | M | M |
| cvss2_vuldb_au | N | N | N | N | N |
| cvss2_vuldb_ci | N | N | N | N | N |
| cvss2_vuldb_ii | P | P | P | P | P |
| cvss2_vuldb_ai | N | N | N | N | N |
| cvss3_meta_basescore | 5.2 | 5.2 | 5.2 | 5.2 | 5.2 |
| cvss3_meta_tempscore | 4.8 | 5.0 | 5.0 | 5.1 | 5.1 |
| cvss3_vuldb_basescore | 4.3 | 4.3 | 4.3 | 4.3 | 4.3 |
| cvss3_vuldb_tempscore | 4.0 | 4.0 | 4.0 | 4.0 | 4.0 |
| cvss3_vuldb_av | N | N | N | N | N |
| cvss3_vuldb_ac | L | L | L | L | L |
| cvss3_vuldb_pr | N | N | N | N | N |
| cvss3_vuldb_ui | R | R | R | R | R |
| cvss3_vuldb_s | U | U | U | U | U |
| cvss3_vuldb_c | N | N | N | N | N |
| cvss3_vuldb_i | L | L | L | L | L |
| cvss3_vuldb_a | N | N | N | N | N |
| vulnerability_cwe | CWE-80 (cross-site scripting) | CWE-80 (cross-site scripting) | CWE-80 (cross-site scripting) | CWE-80 (cross-site scripting) | CWE-80 (cross-site scripting) |
| software_type | Mailing List Software | Mailing List Software | Mailing List Software | Mailing List Software | Mailing List Software |
| source_cve | | CVE-2017-20033 | CVE-2017-20033 | CVE-2017-20033 | CVE-2017-20033 |
| cna_responsible | | VulDB | VulDB | VulDB | VulDB |
| cve_assigned | | | 1654380000 (06/05/2022) | 1654380000 (06/05/2022) | 1654380000 (06/05/2022) |
| cve_nvd_summary | | | A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send\'\";>alert(8) leads to cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. | A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send\'\";>alert(8) leads to cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. | A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send\'\";>alert(8) leads to cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
| cvss3_nvd_av | | | | N | N |
| cvss3_nvd_ac | | | | L | L |
| cvss3_nvd_pr | | | | N | N |
| cvss3_nvd_ui | | | | R | R |
| cvss3_nvd_s | | | | C | C |
| cvss3_nvd_c | | | | L | L |
| cvss3_nvd_i | | | | L | L |
| cvss3_nvd_a | | | | N | N |
| cvss2_nvd_av | | | | N | N |
| cvss2_nvd_ac | | | | M | M |
| cvss2_nvd_au | | | | N | N |
| cvss2_nvd_ci | | | | N | N |
| cvss2_nvd_ii | | | | P | P |
| cvss2_nvd_ai | | | | N | N |
| cvss3_cna_av | | | | N | N |
| cvss3_cna_ac | | | | L | L |
| cvss3_cna_pr | | | | N | N |
| cvss3_cna_ui | | | | R | R |
| cvss3_cna_s | | | | U | U |
| cvss3_cna_c | | | | N | N |
| cvss3_cna_i | | | | L | L |
| cvss3_cna_a | | | | N | N |
| cve_cna | | | | VulDB | VulDB |
| cvss2_nvd_basescore | | | | 4.3 | 4.3 |
| cvss3_nvd_basescore | | | | 6.1 | 6.1 |
| cvss3_cna_basescore | | | | 4.3 | 4.3 |
