Lucene search

MitreCVE-2006-5294

HistoryOct 16, 2006 - 6:07 p.m.

CVE-2006-5294

2006-10-1618:07:00

mitre

web.nvd.nist.gov

106

cve-2006-5294

xss

index.php

phplist

unsubscribeemail

web script

html

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.011

Percentile

84.5%

JSON

Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter.

Affected configurations

Nvd

Node

tincanphplistRange≤2.10.2

tincanphplistMatch2.6

tincanphplistMatch2.6.1

tincanphplistMatch2.6.2

tincanphplistMatch2.6.3

tincanphplistMatch2.6.4

tincanphplistMatch2.8.12

tincanphplistMatch2.10.1

VendorProductVersionCPE
tincanphplist*cpe:2.3:a:tincan:phplist:*:*:*:*:*:*:*:*
tincanphplist2.6cpe:2.3:a:tincan:phplist:2.6:*:*:*:*:*:*:*
tincanphplist2.6.1cpe:2.3:a:tincan:phplist:2.6.1:*:*:*:*:*:*:*
tincanphplist2.6.2cpe:2.3:a:tincan:phplist:2.6.2:*:*:*:*:*:*:*
tincanphplist2.6.3cpe:2.3:a:tincan:phplist:2.6.3:*:*:*:*:*:*:*
tincanphplist2.6.4cpe:2.3:a:tincan:phplist:2.6.4:*:*:*:*:*:*:*
tincanphplist2.8.12cpe:2.3:a:tincan:phplist:2.8.12:*:*:*:*:*:*:*
tincanphplist2.10.1cpe:2.3:a:tincan:phplist:2.10.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tincan	phplist	*	cpe:2.3:a:tincan:phplist::::::::
tincan	phplist	2.6	cpe:2.3:a:tincan:phplist:2.6:::::::*
tincan	phplist	2.6.1	cpe:2.3:a:tincan:phplist:2.6.1:::::::*
tincan	phplist	2.6.2	cpe:2.3:a:tincan:phplist:2.6.2:::::::*
tincan	phplist	2.6.3	cpe:2.3:a:tincan:phplist:2.6.3:::::::*
tincan	phplist	2.6.4	cpe:2.3:a:tincan:phplist:2.6.4:::::::*
tincan	phplist	2.8.12	cpe:2.3:a:tincan:phplist:2.8.12:::::::*
tincan	phplist	2.10.1	cpe:2.3:a:tincan:phplist:2.10.1:::::::*

References

mantis.phplist.com/changelog_page.php

secunia.com/advisories/22405

securityreason.com/securityalert/1728

tincan.co.uk/?lid=1821

websecurity.com.ua/267/

www.phplist.com/news

www.securityfocus.com/archive/1/448411/100/0/threaded

www.securityfocus.com/bid/20483

www.vupen.com/english/advisories/2006/4027

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.011

Percentile

84.5%

JSON

Related for CVE-2006-5294