TotalChoice Hosting Family Forums > Phplist "unsubscribeemail" Cross-site Scripting Vulnerabilit

Full Version: Phplist "unsubscribeemail" Cross-site Scripting Vulnerabilit

TotalChoice Hosting Family Forums > TotalChoice Hosting General Support > Security Discussions > Software/Scripts/Other Alerts

TCH-Thomas

Oct 13 2006, 10:07 AM

From Secunia (http://secunia.com/advisories/22405/)

Description:
MustLive has reported a vulnerability in phplist, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "unsubscribeemail" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in all versions prior to 2.10.3.

Solution:
Update to version 2.10.3.

TCH-Bruce

Oct 13 2006, 10:18 AM

Thanks Thomas

TCH-Don

Oct 13 2006, 04:28 PM

Thanks Thomas

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.