> [Suggested description] > PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. > > ------------------------------------------ > > [Vulnerability Type] > Cross Site Scripting (XSS) > > ------------------------------------------ > > [Vendor of Product] > PHPJabbers > > ------------------------------------------ > > [Affected Product Code Base] > PHP Newsletter Script - 4.2 > > ------------------------------------------ > > [Affected Component] > Lists in the admin panel, has a stored XSS > > ------------------------------------------ > > [Attack Type] > Remote > > ------------------------------------------ > > [Impact] > [+] CVE_Request.Impact_Code_execution > [-] CVE_Request.Impact_Denial_of_Service > [-] CVE_Request.Impact_Escalation_of_Privileges > [-] CVE_Request.Impact_Information_Disclosure > > ------------------------------------------ > > [Attack Vectors] > <-- payload used > > ------------------------------------------ > > [Discoverer] > Raphael Karger