Vulnerabilities > Phplist > Phplist > 3.5.3

DATE CVE VULNERABILITY TITLE RISK
2021-01-27 CVE-2020-23361 Incorrect Comparison vulnerability in PHPlist 3.5.3
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
network
low complexity
phplist CWE-697
7.5
7.5
2020-07-08 CVE-2020-15073 Cross-site Scripting vulnerability in PHPlist
An issue was discovered in phpList through 3.5.4.
network
phplist CWE-79
3.5
3.5
2020-07-08 CVE-2020-15072 SQL Injection vulnerability in PHPlist
An issue was discovered in phpList through 3.5.4.
network
low complexity
phplist CWE-89
6.5
6.5
2020-06-04 CVE-2020-13827 Cross-site Scripting vulnerability in PHPlist
phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php.
network
low complexity
phplist CWE-79
6.1
6.1