Vulnerabilities > Phplist
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-06 | CVE-2020-22251 | Cross-site Scripting vulnerability in PHPlist Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin. | 4.8 |
2021-07-02 | CVE-2020-23190 | Cross-site Scripting vulnerability in PHPlist 3.5.4 A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 |
2021-07-02 | CVE-2020-23192 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module. | 5.4 |
2021-07-02 | CVE-2020-23194 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 |
2021-07-02 | CVE-2020-36398 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module. | 5.4 |
2021-07-02 | CVE-2020-36399 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module. | 5.4 |
2021-07-01 | CVE-2020-23207 | Cross-site Scripting vulnerability in PHPlist 3.5.3 A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module. | 5.4 |
2021-07-01 | CVE-2020-23208 | Cross-site Scripting vulnerability in PHPlist 3.5.3 A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module. | 5.4 |
2021-07-01 | CVE-2020-23209 | Cross-site Scripting vulnerability in PHPlist 3.5.3 A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module. | 5.4 |
2021-07-01 | CVE-2020-23214 | Cross-site Scripting vulnerability in PHPlist 3.5.3 A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module. | 5.4 |