Unrated severityNVD Advisory· Published Aug 12, 2012· Updated Apr 29, 2026
CVE-2012-4246
CVE-2012-4246
Description
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page.
Affected products
23cpe:2.3:a:phplist:phplist:*:*:*:*:*:*:*:*+ 22 more
- cpe:2.3:a:phplist:phplist:*:*:*:*:*:*:*:*range: <=2.10.18
- cpe:2.3:a:phplist:phplist:2.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.10:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.11:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.12:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.13:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.14:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.15:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.16:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.17:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.7:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.8:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:phplist:phplist:2.8.7:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.phplist.comnvdExploitPatch
- www.httpcs.com/advisoriesnvdExploit
- www.httpcs.com/advisory/httpcs23nvdExploit
- www.httpcs.com/advisory/httpcs24nvdExploit
- www.httpcs.com/advisory/httpcs25nvd
- www.httpcs.com/advisory/httpcs26nvd
News mentions
0No linked articles in our index yet.