Unrated severityNVD Advisory· Published Oct 16, 2006· Updated Jun 16, 2026
CVE-2006-5294
CVE-2006-5294
Description
Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9cpe:2.3:a:tincan:phplist:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:tincan:phplist:*:*:*:*:*:*:*:*range: <=2.10.2
- cpe:2.3:a:tincan:phplist:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:tincan:phplist:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:tincan:phplist:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:tincan:phplist:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:tincan:phplist:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:tincan:phplist:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:tincan:phplist:2.8.12:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
9- mantis.phplist.com/changelog_page.phpnvdPatch
- secunia.com/advisories/22405nvdPatchVendor Advisory
- tincan.co.uknvdPatch
- www.securityfocus.com/bid/20483nvdExploitPatch
- securityreason.com/securityalert/1728nvd
- websecurity.com.ua/267/nvd
- www.phplist.com/newsnvd
- www.securityfocus.com/archive/1/448411/100/0/threadednvd
- www.vupen.com/english/advisories/2006/4027nvd
News mentions
0No linked articles in our index yet.