Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
phpList Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-28074 - Vulnerability Database
phpList

phpList Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-28074

Medium
Reference: CVE-2025-28074
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-28074
Title: phpList Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping allowing an attacker to inject malicious JavaScript.