汇总 lyris 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 跨站脚本与SQL 注入 相关,可能在 软件部署与生产负载 场景中带来 会话劫持 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2014-5188 | Cross-site scripting (XSS) vulnerability in doemailpassword.tml in Lyris ListManager (LM) 8.95a allows remote attackers to inject arbitrary web script or HTML via the EmailAddr parameter. | [email protected] | 4.3 | 1.85% | 2014-08-07 | 2026-06-16 |
| CVE-2008-2923 | Cross-site scripting (XSS) vulnerability in read/search/results in Lyris ListManager 8.8, 8.95, and 9.3d allows remote attackers to inject arbitrary web script or HTML via the words parameter. | [email protected] | 4.3 | 1.26% | 2008-06-30 | 2026-06-16 |
| CVE-2007-6319 | Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8.95d, 9.2 before 9.2c, and 9.3 before 9.3b allow remote attackers to (1) gain list administrator privileges or (2) access arbitrary mailing lists via unknown vectors related to modification of client-side information; and (3) allow remote authenticated administrators to modify other account data by creating "new accounts that collide with existing accounts." | [email protected] | 10.0 | 2.57% | 2008-02-19 | 2026-06-16 |
| CVE-2006-4547 | Lyris ListManager 8.95 allows remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name, which reveals the details of the underlying SQL query, possibly because of a forced SQL error or SQL injection. | [email protected] | 6.5 | 0.99% | 2006-09-05 | 2026-06-16 |
| CVE-2006-4546 | Lyris ListManager 8.95 allows remote authenticated users, who have administrative privileges for at least one list on the server, to add new administrators to any list via a modified MEMBERS_.List_ parameter. | [email protected] | 6.5 | 1.36% | 2006-09-05 | 2026-06-16 |
| CVE-2005-4144 | Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries via unusual whitespace characters in the orderby parameter, such as (1) newlines and (2) 0xFF (ASCII 255) characters, which are interpreted as whitespace. | [email protected] | 7.5 | 1.76% | 2005-12-10 | 2026-06-16 |
| CVE-2005-4143 | SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a allows remote attackers to execute arbitrary SQL commands via SQL code after a numeric argument to a /read/attachment URL. | [email protected] | 7.5 | 1.40% | 2005-12-10 | 2026-06-16 |
| CVE-2000-0758 | The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field. | [email protected] | 4.6 | 0.36% | 2000-10-20 | 2026-06-16 |