Vulnerabilities > Phplist > Phplist > 3.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-06 | CVE-2020-22251 | Cross-site Scripting vulnerability in PHPlist Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin. | 3.5 |
| 2021-07-02 | CVE-2020-23192 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module. | 3.5 |
| 2021-07-02 | CVE-2020-23194 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | 3.5 |
| 2021-07-02 | CVE-2020-36398 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module. | 3.5 |
| 2021-07-02 | CVE-2020-36399 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module. | 3.5 |
| 2020-07-08 | CVE-2020-15073 | Cross-site Scripting vulnerability in PHPlist An issue was discovered in phpList through 3.5.4. | 3.5 |
| 2020-07-08 | CVE-2020-15072 | SQL Injection vulnerability in PHPlist An issue was discovered in phpList through 3.5.4. | 6.5 |
| 2020-06-04 | CVE-2020-13827 | Cross-site Scripting vulnerability in PHPlist phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. | 6.1 |
| 2020-05-04 | CVE-2020-12639 | Cross-site Scripting vulnerability in PHPlist phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php. | 4.3 |
| 2014-05-05 | CVE-2014-2916 | Cross-Site Request Forgery (CSRF) vulnerability in PHPlist Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/. | 6.8 |