216.73.217.86

CVE-2025-28074

· Published 08/05/2025 21:15 · Modified 08/05/2025 21:15

Labels: CVE-2025-28074 2025-05-08CVE-2025-28074[email protected]

Essential information

Published
08/05/2025 21:15
Modified
08/05/2025 21:15
Author
Creator
CISA KEV
No
CWE

Description

phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
phpList / phpList cpe:2.3:a:phpList:phpList:*:*:*:*:*:*:*:*

References