CVE-2012-4247

Name of the Vulnerable Software and Affected Versions phplist versions prior to 2.10.19

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters. The affected parameters include remote user, remote database, remote userprefix, remote password, remote prefix, and id. The id parameter is specifically vulnerable in the bouncerule page, while the other parameters are vulnerable in the import4 page.

Recommendations For versions prior to 2.10.19, update to version 2.10.19 or later to resolve the issue. As a temporary workaround, consider restricting access to the import4 and bouncerule pages until the update is applied. Avoid using the vulnerable parameters remote user, remote database, remote userprefix, remote password, remote prefix, and id in the affected pages until the issue is resolved.