4.3

CVE-2011-1682

Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences.  NOTE: this issue exists because of an incomplete fix for CVE-2011-0748.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TincanPhplist Version <= 2.10.13
TincanPhplist Version1.0
TincanPhplist Version1.0.1
TincanPhplist Version1.1.2b
TincanPhplist Version1.1.3b
TincanPhplist Version1.1.4b
TincanPhplist Version1.1.5
TincanPhplist Version1.1.5b
TincanPhplist Version1.1.6
TincanPhplist Version1.1.7
TincanPhplist Version1.3.5
TincanPhplist Version1.3.7
TincanPhplist Version1.4.1
TincanPhplist Version1.5.0
TincanPhplist Version1.5.1
TincanPhplist Version1.6.0
TincanPhplist Version1.6.1
TincanPhplist Version1.6.3
TincanPhplist Version1.6.4
TincanPhplist Version1.7.0
TincanPhplist Version1.7.1
TincanPhplist Version1.8.0
TincanPhplist Version1.9.0
TincanPhplist Version1.9.1
TincanPhplist Version1.9.2
TincanPhplist Version1.9.3
TincanPhplist Version2.1.0
TincanPhplist Version2.1.1
TincanPhplist Version2.1.3
TincanPhplist Version2.1.4
TincanPhplist Version2.2.0
TincanPhplist Version2.2.1
TincanPhplist Version2.3.0
TincanPhplist Version2.3.1
TincanPhplist Version2.3.2
TincanPhplist Version2.3.3
TincanPhplist Version2.3.4
TincanPhplist Version2.4.0
TincanPhplist Version2.4.7
TincanPhplist Version2.5.0
TincanPhplist Version2.5.1
TincanPhplist Version2.5.2
TincanPhplist Version2.5.3
TincanPhplist Version2.5.4
TincanPhplist Version2.5.5
TincanPhplist Version2.5.6
TincanPhplist Version2.5.7
TincanPhplist Version2.5.8
TincanPhplist Version2.6
TincanPhplist Version2.6.0
TincanPhplist Version2.6.1
TincanPhplist Version2.6.2
TincanPhplist Version2.6.3
TincanPhplist Version2.6.4
TincanPhplist Version2.6.5
TincanPhplist Version2.7.1
TincanPhplist Version2.7.2
TincanPhplist Version2.8.2
TincanPhplist Version2.8.7
TincanPhplist Version2.8.12
TincanPhplist Version2.9.3
TincanPhplist Version2.9.4
TincanPhplist Version2.9.5
TincanPhplist Version2.10.1
TincanPhplist Version2.10.2
TincanPhplist Version2.10.3
TincanPhplist Version2.10.4
TincanPhplist Version2.10.5
TincanPhplist Version2.10.6
TincanPhplist Version2.10.7
TincanPhplist Version2.10.8
TincanPhplist Version2.10.9
TincanPhplist Version2.10.10
TincanPhplist Version2.10.11
TincanPhplist Version2.10.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.76% 0.505
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://secunia.com/advisories/44041
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/66666
https://exchange.xforce.ibmcloud.com/vulnerabilities/66816