phpList Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2012-4246
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or the (2) footer (3) status or (4) testtarget parameter in the send page.