CVE-2025-28074 – phpList XSS Injection

May 8, 2025

CVE ID : CVE-2025-28074

Published : May 8, 2025, 9:15 p.m. | 2 hours, 22 minutes ago

Description : phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1329 – IBM CICS TX DNS Rebinding Vulnerability

Next Article CVE-2023-31585 – Grocery-CMS-PHP Unauthenticated File Upload Vulnerability

Agent Mode for Gemini added to Android Studio

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

Where to buy a Meta Quest 3S Xbox Edition — and why it’s a better bargain than the “normal” Meta Quest 3S

Vite 7.0 Is Out

Vite 7.0 Is Out

Exploring JavaScript ES2025 Edition

Mastering Mixed DML Operations in Apex

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

CVE-2025-28074 – phpList XSS Injection

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials

Urgent Advantech Alert: Critical Flaws (CVSS 9.6) Expose Industrial Automation to Remote Takeover, PoC Releases

I missed out on the Clair Obscur: Expedition 33 Collector’s Edition but thankfully, the developers are launching something special

New GPAUF Technique to Root Qualcomm-Based Android Phones

CVE-2025-4151 – PHPGurukul Curfew e-Pass Management System SQL Injection Vulnerability

Say no to abstract code

Everybody’s gone lintin’

RansomHouse ransomware: what you need to know

I wore Whoop’s latest health tracker – it gave me the best of Oura Ring, Apple Watch, and more

CVE-2025-49080 – “Absolute Secure Access Server Denial of Service Vulnerability”

CVE-2025-28074 – phpList XSS Injection

Related Posts