2 matches found
CVE-2020-23217
A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module...
CVE-2020-23217
CVE-2020-23217 is a stored XSS vulnerability in phpList 3.5.3. The flaw occurs in the Import Emails module’s Add a list field, where crafted input can execute arbitrary web scripts/HTML on the affected page. Consequences include user-held scripts running in the context of phplist, with potential ...