Phplist · Phplist · CVE-2006-5294
**Name of the Vulnerable Software and Affected Versions**
phplist versions prior to 2.10.3
**Description**
The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `unsubscribeemail` parameter in the index.php file.
**Recommendations**
For versions prior to 2.10.3, update to version 2.10.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the index.php file or avoiding the use of the `unsubscribeemail` parameter until the update is applied.