CVE-2025-28074 – phpList XSS Injection

May 8, 2025

CVE ID : CVE-2025-28074

Published : May 8, 2025, 9:15 p.m. | 2 hours, 22 minutes ago

Description : phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1329 – IBM CICS TX DNS Rebinding Vulnerability

Next Article CVE-2023-31585 – Grocery-CMS-PHP Unauthenticated File Upload Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Intel’s latest Arc graphics driver is ready for DOOM: The Dark Ages, launching for Premium Edition owners on PC today

NVIDIA’s drivers are causing big problems for DOOM: The Dark Ages, but some fixes are available

Capcom breaks all-time profit records with 10% income growth after Monster Hunter Wilds sold over 10 million copies in a month

Microsoft plans to lay off 3% of its workforce, reportedly targeting management cuts as it changes to fit a “dynamic marketplace”

A cross-platform Markdown note-taking application

A cross-platform Markdown note-taking application

AI Assistant Demo & Tips for Enterprise Projects

Celebrating Global Accessibility Awareness Day (GAAD)

Intel’s latest Arc graphics driver is ready for DOOM: The Dark Ages, launching for Premium Edition owners on PC today

Intel’s latest Arc graphics driver is ready for DOOM: The Dark Ages, launching for Premium Edition owners on PC today

NVIDIA’s drivers are causing big problems for DOOM: The Dark Ages, but some fixes are available

Capcom breaks all-time profit records with 10% income growth after Monster Hunter Wilds sold over 10 million copies in a month

CVE-2025-28074 – phpList XSS Injection

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-4732 – TOTOLINK A3002R/A3002RU HTTP POST Request Handler Buffer Overflow

Microsoft is now failing at designing consistent rounded corners for Windows 11

PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries

CVE-2025-24342 – CtrlX OS Username Guessing Information Disclosure Vulnerability

Srinidhi’s Stellar Odyssey: Unveiling the Lost World of the Cosmos

I learned Adobe Creative Cloud in college, and it’s helped me stand out at work — Right now, students get it for 70% off

Redox OS: Ultime Novità di Aprile 2025

Apache Tomcat Vulnerability Let Attackers Bypass Rules & Trigger DoS Condition

Surfshark is our pick for best value VPN, and you can save up to 87% on plans right now

CVE-2025-28074 – phpList XSS Injection

Related Posts