Vulnerabilities > Phplist > Phplist > 3.5.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-02 | CVE-2020-23190 | Cross-site Scripting vulnerability in PHPlist 3.5.4 A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | 3.5 |
| 2021-07-02 | CVE-2020-23192 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module. | 3.5 |
| 2021-07-02 | CVE-2020-23194 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | 3.5 |
| 2021-07-02 | CVE-2020-36398 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module. | 3.5 |
| 2021-07-02 | CVE-2020-36399 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module. | 3.5 |
| 2020-06-04 | CVE-2020-13827 | Cross-site Scripting vulnerability in PHPlist phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. | 6.1 |