Vulnerabilities > Phplist
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-01 | CVE-2020-23217 | Cross-site Scripting vulnerability in PHPlist 3.5.3 A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module. | 5.4 |
| 2021-01-27 | CVE-2020-23361 | Unspecified vulnerability in PHPlist 3.5.3 phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | 9.8 |
| 2021-01-26 | CVE-2021-3188 | Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPlist 3.6.0 phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports. | 9.8 |
| 2020-12-25 | CVE-2020-35708 | SQL Injection vulnerability in PHPlist 3.5.9 phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page. | 7.2 |
| 2020-07-08 | CVE-2020-15073 | Cross-site Scripting vulnerability in PHPlist An issue was discovered in phpList through 3.5.4. | 5.4 |
| 2020-07-08 | CVE-2020-15072 | SQL Injection vulnerability in PHPlist An issue was discovered in phpList through 3.5.4. | 8.8 |
| 2020-06-04 | CVE-2020-13827 | Cross-site Scripting vulnerability in PHPlist phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. | 6.1 |
| 2020-05-04 | CVE-2020-12639 | Cross-site Scripting vulnerability in PHPlist phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php. | 6.1 |
| 2020-02-03 | CVE-2020-8547 | Unspecified vulnerability in PHPlist 3.5.0 phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | 9.8 |