Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News
Sign In Sign Up

CVE-2025-28074

MEDIUM
Published 2025-05-08T00:00:00.000Z
Actions:

CVSS Score

V3.1
6.1
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED

Impact Metrics

Confidentiality
LOW
Integrity
LOW
Availability
NONE

Description

phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

References

https://github.com/phpList/phplist3/blob/main/public_html/lists/lt.php
https://github.com/mLniumm/CVE-2025-28074
https://github.com/phpList/phplist3/compare/v3.6.14...v3.6.15
https://www.phplist.org/newslist/phplist-3-6-15-release-notes/
Published: 2025-05-08T00:00:00.000Z
Last Modified: 2025-06-07T14:42:05.947Z
Copied to clipboard!