Vulnerabilities > Phplist > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-02 | CVE-2020-36399 | Cross-site Scripting vulnerability in PHPlist A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module. | 5.4 |
| 2021-07-01 | CVE-2020-23207 | Cross-site Scripting vulnerability in PHPlist 3.5.3 A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module. | 5.4 |
| 2021-07-01 | CVE-2020-23208 | Cross-site Scripting vulnerability in PHPlist 3.5.3 A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module. | 5.4 |
| 2021-07-01 | CVE-2020-23209 | Cross-site Scripting vulnerability in PHPlist 3.5.3 A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module. | 5.4 |
| 2021-07-01 | CVE-2020-23214 | Cross-site Scripting vulnerability in PHPlist 3.5.3 A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module. | 5.4 |
| 2021-07-01 | CVE-2020-23217 | Cross-site Scripting vulnerability in PHPlist 3.5.3 A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module. | 5.4 |
| 2020-07-08 | CVE-2020-15073 | Cross-site Scripting vulnerability in PHPlist An issue was discovered in phpList through 3.5.4. | 5.4 |
| 2020-06-04 | CVE-2020-13827 | Cross-site Scripting vulnerability in PHPlist phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. | 6.1 |
| 2020-05-04 | CVE-2020-12639 | Cross-site Scripting vulnerability in PHPlist phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php. | 6.1 |