CVE-2012-2741

Name of the Vulnerable Software and Affected Versions phpList versions prior to 2.10.18

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the num parameter in a "reconcileusers" action, which is located in the public html/lists/admin/ directory.

Recommendations For versions prior to 2.10.18, update to version 2.10.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the reconcileusers action in the public html/lists/admin/ directory until the update is applied. Avoid using the num parameter in the affected action until the issue is resolved.