CVE-2025-28074 – phpList XSS Injection

May 8, 2025

CVE ID : CVE-2025-28074

Published : May 8, 2025, 9:15 p.m. | 2 hours, 22 minutes ago

Description : phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1329 – IBM CICS TX DNS Rebinding Vulnerability

Next Article CVE-2023-31585 – Grocery-CMS-PHP Unauthenticated File Upload Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

This Motorola Razr deal at Best Buy is the top offer I’ve seen on the flip phone

Google Maps can identify and save places in your screenshots – here’s how

T-Mobile is giving loyal users a free line right now – how to see if you qualify

CTA warns of tariff-fueled price hikes on consumer tech – but it’s not all bad news

Big Node, VS Code, and Mantine updates

Big Node, VS Code, and Mantine updates

Prepare for Contact Center Week with Colleen Eager

Preparing for the Unthinkable: Safeguarding People and Productivity During India-Pakistan Conflicts

Microsoft confirms Offline Calendar for New Outlook on Windows 11

Microsoft confirms Offline Calendar for New Outlook on Windows 11

Windows 11 Microsoft Store tests Copilot integration to increase app downloads

Beyond APT: Software Management with Flatpak on Ubuntu

CVE-2025-28074 – phpList XSS Injection

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-4497 – Apache Code-Projects Simple Banking System Buffer Overflow Vulnerability

How Orca Security optimized their Amazon Neptune database performance

Accelerate NLP inference with ONNX Runtime on AWS Graviton processors

Kirk and Spock reunite: AI gives us the Star Trek farewell we always wanted

Malaysia Airports Hit by Cyberattack: Hackers Demand $10M Ransom

Usability and Experience (UX) in Universal Design Series: Challenges and Opportunities â€“ 4

SnapCenter Security Flaw Rated Critical—NetApp Urges Immediate Patch

VideoLLaMA 2 Released: A Set of Video Large Language Models Designed to Advance Multimodal Research in the Arena of Video-Language Modeling

Galaxy AI is coming to mid-range Samsung phones. These models will get it first

CVE-2025-28074 – phpList XSS Injection

Related Posts