Vulnerabilities > Phplist > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-10 | CVE-2017-20036 | Cross-site Scripting vulnerability in PHPlist 3.2.6 A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. | 3.5 |
| 2022-06-10 | CVE-2017-20035 | Cross-site Scripting vulnerability in PHPlist 3.2.6 A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. | 3.5 |
| 2022-06-10 | CVE-2017-20034 | Cross-site Scripting vulnerability in PHPlist 3.2.6 A vulnerability classified as problematic was found in PHPList 3.2.6. | 3.5 |
| 2021-07-06 | CVE-2020-22251 | Cross-site Scripting vulnerability in PHPlist Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin. | 3.5 |
| 2021-07-02 | CVE-2020-36399 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module. | 3.5 |
| 2021-07-02 | CVE-2020-36398 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module. | 3.5 |
| 2021-07-02 | CVE-2020-23194 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | 3.5 |
| 2021-07-02 | CVE-2020-23192 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module. | 3.5 |
| 2021-07-02 | CVE-2020-23190 | Cross-site Scripting vulnerability in PHPlist 3.5.4 A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | 3.5 |
| 2021-07-01 | CVE-2020-23217 | Cross-site Scripting vulnerability in PHPlist 3.5.3 A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module. | 3.5 |