Vulnerabilities > Phplist > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-18 | CVE-2023-27576 | Unspecified vulnerability in PHPlist 3.6.12 An issue was discovered in phpList before 3.6.14. | 6.7 |
| 2022-06-10 | CVE-2017-20033 | Cross-site Scripting vulnerability in PHPlist 3.2.6 A vulnerability classified as problematic has been found in PHPList 3.2.6. | 6.1 |
| 2022-06-10 | CVE-2017-20034 | Cross-site Scripting vulnerability in PHPlist 3.2.6 A vulnerability classified as problematic was found in PHPList 3.2.6. | 5.4 |
| 2022-06-10 | CVE-2017-20035 | Cross-site Scripting vulnerability in PHPlist 3.2.6 A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. | 5.4 |
| 2022-06-10 | CVE-2017-20036 | Cross-site Scripting vulnerability in PHPlist 3.2.6 A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. | 5.4 |
| 2021-07-06 | CVE-2020-22251 | Cross-site Scripting vulnerability in PHPlist Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin. | 4.8 |
| 2021-07-02 | CVE-2020-23190 | Cross-site Scripting vulnerability in PHPlist 3.5.4 A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 |
| 2021-07-02 | CVE-2020-23192 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module. | 5.4 |
| 2021-07-02 | CVE-2020-23194 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 |
| 2021-07-02 | CVE-2020-36398 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module. | 5.4 |