Lucene search

[email protected]NVD:CVE-2011-1682

HistoryApr 13, 2011 - 2:55 p.m.

CVE-2011-1682

2011-04-1314:55:01

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.4

Confidence

High

EPSS

0.003

Percentile

71.0%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for CVE-2011-0748. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

Nvd

Node

tincanphplistRange≤2.10.13

tincanphplistMatch1.0

tincanphplistMatch1.0.1

tincanphplistMatch1.1.2b

tincanphplistMatch1.1.3b

tincanphplistMatch1.1.4b

tincanphplistMatch1.1.5

tincanphplistMatch1.1.5b

tincanphplistMatch1.1.6

tincanphplistMatch1.1.7

tincanphplistMatch1.3.5

tincanphplistMatch1.3.7

tincanphplistMatch1.4.1

tincanphplistMatch1.5.0

tincanphplistMatch1.5.1

tincanphplistMatch1.6.0

tincanphplistMatch1.6.1

tincanphplistMatch1.6.3

tincanphplistMatch1.6.4

tincanphplistMatch1.7.0

tincanphplistMatch1.7.1

tincanphplistMatch1.8.0

tincanphplistMatch1.9.0

tincanphplistMatch1.9.1

tincanphplistMatch1.9.2

tincanphplistMatch1.9.3

tincanphplistMatch2.1.0

tincanphplistMatch2.1.1

tincanphplistMatch2.1.3

tincanphplistMatch2.1.4

tincanphplistMatch2.2.0

tincanphplistMatch2.2.1

tincanphplistMatch2.3.0

tincanphplistMatch2.3.1

tincanphplistMatch2.3.2

tincanphplistMatch2.3.3

tincanphplistMatch2.3.4

tincanphplistMatch2.4.0

tincanphplistMatch2.4.7

tincanphplistMatch2.5.0

tincanphplistMatch2.5.1

tincanphplistMatch2.5.2

tincanphplistMatch2.5.3

tincanphplistMatch2.5.4

tincanphplistMatch2.5.5

tincanphplistMatch2.5.6

tincanphplistMatch2.5.7

tincanphplistMatch2.5.8

tincanphplistMatch2.6

tincanphplistMatch2.6.0

tincanphplistMatch2.6.1

tincanphplistMatch2.6.2

tincanphplistMatch2.6.3

tincanphplistMatch2.6.4

tincanphplistMatch2.6.5

tincanphplistMatch2.7.1

tincanphplistMatch2.7.2

tincanphplistMatch2.8.2

tincanphplistMatch2.8.7

tincanphplistMatch2.8.12

tincanphplistMatch2.9.3

tincanphplistMatch2.9.4

tincanphplistMatch2.9.5

tincanphplistMatch2.10.1

tincanphplistMatch2.10.2

tincanphplistMatch2.10.3

tincanphplistMatch2.10.4

tincanphplistMatch2.10.5

tincanphplistMatch2.10.6

tincanphplistMatch2.10.7

tincanphplistMatch2.10.8

tincanphplistMatch2.10.9

tincanphplistMatch2.10.10

tincanphplistMatch2.10.11

tincanphplistMatch2.10.12

VendorProductVersionCPE
tincanphplist*cpe:2.3:a:tincan:phplist:*:*:*:*:*:*:*:*
tincanphplist1.0cpe:2.3:a:tincan:phplist:1.0:*:*:*:*:*:*:*
tincanphplist1.0.1cpe:2.3:a:tincan:phplist:1.0.1:*:*:*:*:*:*:*
tincanphplist1.1.2bcpe:2.3:a:tincan:phplist:1.1.2b:*:*:*:*:*:*:*
tincanphplist1.1.3bcpe:2.3:a:tincan:phplist:1.1.3b:*:*:*:*:*:*:*
tincanphplist1.1.4bcpe:2.3:a:tincan:phplist:1.1.4b:*:*:*:*:*:*:*
tincanphplist1.1.5cpe:2.3:a:tincan:phplist:1.1.5:*:*:*:*:*:*:*
tincanphplist1.1.5bcpe:2.3:a:tincan:phplist:1.1.5b:*:*:*:*:*:*:*
tincanphplist1.1.6cpe:2.3:a:tincan:phplist:1.1.6:*:*:*:*:*:*:*
tincanphplist1.1.7cpe:2.3:a:tincan:phplist:1.1.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tincan	phplist	*	cpe:2.3:a:tincan:phplist::::::::
tincan	phplist	1.0	cpe:2.3:a:tincan:phplist:1.0:::::::*
tincan	phplist	1.0.1	cpe:2.3:a:tincan:phplist:1.0.1:::::::*
tincan	phplist	1.1.2b	cpe:2.3:a:tincan:phplist:1.1.2b:::::::*
tincan	phplist	1.1.3b	cpe:2.3:a:tincan:phplist:1.1.3b:::::::*
tincan	phplist	1.1.4b	cpe:2.3:a:tincan:phplist:1.1.4b:::::::*
tincan	phplist	1.1.5	cpe:2.3:a:tincan:phplist:1.1.5:::::::*
tincan	phplist	1.1.5b	cpe:2.3:a:tincan:phplist:1.1.5b:::::::*
tincan	phplist	1.1.6	cpe:2.3:a:tincan:phplist:1.1.6:::::::*
tincan	phplist	1.1.7	cpe:2.3:a:tincan:phplist:1.1.7:::::::*