VYPR
Unrated severity · NVD Advisory · Published May 8, 2025 · Updated Jun 7, 2025

CVE-2025-28074

Description

phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.

Affected products

  • Phplist/Phplist (cpe-rescue), 2 versions
    • (no CPE)
    • (no CPE), range: <3.6.15
