Vulnerabilities > Phplist
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-01 | CVE-2020-23217 | Cross-site Scripting vulnerability in PHPlist 3.5.3. A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module. | 3.5 |
2021-01-27 | CVE-2020-23361 | Incorrect Comparison vulnerability in PHPlist 3.5.3. phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | 7.5 |
2021-01-26 | CVE-2021-3188 | Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPlist 3.6.0. phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports. | 10.0 |
2020-12-25 | CVE-2020-35708 | SQL Injection vulnerability in PHPlist 3.5.9. phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page. | 6.5 |
2020-07-08 | CVE-2020-15073 | Cross-site Scripting vulnerability in PHPlist. An issue was discovered in phpList through 3.5.4. | 3.5 |
2020-07-08 | CVE-2020-15072 | SQL Injection vulnerability in PHPlist. An issue was discovered in phpList through 3.5.4. | 6.5 |
2020-06-04 | CVE-2020-13827 | Cross-site Scripting vulnerability in PHPlist. phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. | 6.1 |
2020-05-04 | CVE-2020-12639 | Cross-site Scripting vulnerability in PHPlist. phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php. | 4.3 |
2020-02-03 | CVE-2020-8547 | Type Confusion vulnerability in PHPlist 3.5.0. phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | 7.5 |
2014-05-05 | CVE-2014-2916 | Cross-Site Request Forgery (CSRF) vulnerability in PHPlist. Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/. | 6.8 |