CVE-2012-3952

Name of the Vulnerable Software and Affected Versions phplist versions prior to 2.10.19

Description The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the "user page" in the admin/index.php file.

Recommendations For versions prior to 2.10.19, update to version 2.10.19 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin/index.php file to minimize the risk of exploitation. Avoid using the unconfirmed parameter in the affected page until the issue is resolved.