Release date: 2012-12-02
Updated on:
Affected Systems:
Kokanosky phpmynewsletter 0.8
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56773
PhpMyNewsLetter is the mail list management script.
PhpMyNewsLetter 0.8 and other versions have multiple cross-site scripting vulnerabilities. Attackers can exploit these vulnerabilities to execute arbitrary script code in the user's browser.
<* Source: HTTPCS
Link: https://www.httpcs.com/advisory/httpcs116
Https://www.httpcs.com/advisory/httpcs115
Https://www.httpcs.com/advisory/httpcs114
Http://seclists.org/fulldisclosure/2012/Dec/44
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Kokanosky
---------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://gregory.kokanosky.free.fr/v4/phpmynewsletter/