Vulnerabilities > Phplist

DATE CVE VULNERABILITY TITLE RISK
2021-07-06 CVE-2020-22249 Unrestricted Upload of File with Dangerous Type vulnerability in PHPlist 3.5.1
Remote Code Execution vulnerability in phplist 3.5.1.
network
low complexity
phplist CWE-434
7.5
2021-07-06 CVE-2020-22251 Cross-site Scripting vulnerability in PHPlist
Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin.
network
phplist CWE-79
3.5
2021-07-02 CVE-2020-23190 Cross-site Scripting vulnerability in PHPlist 3.5.4
A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
phplist CWE-79
3.5
2021-07-02 CVE-2020-23192 Cross-site Scripting vulnerability in PHPlist
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module.
network
phplist CWE-79
3.5
2021-07-02 CVE-2020-23194 Cross-site Scripting vulnerability in PHPlist
A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
phplist CWE-79
3.5
2021-07-02 CVE-2020-36398 Cross-site Scripting vulnerability in PHPlist
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module.
network
phplist CWE-79
3.5
2021-07-02 CVE-2020-36399 Cross-site Scripting vulnerability in PHPlist
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module.
network
phplist CWE-79
3.5
2021-07-01 CVE-2020-23207 Cross-site Scripting vulnerability in PHPlist 3.5.3
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module.
network
phplist CWE-79
3.5
2021-07-01 CVE-2020-23208 Cross-site Scripting vulnerability in PHPlist 3.5.3
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module.
network
phplist CWE-79
3.5
2021-07-01 CVE-2020-23209 Cross-site Scripting vulnerability in PHPlist 3.5.3
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module.
network
phplist CWE-79
3.5