18 matches found
EUVD-2020-15970
Malware in sbrugna...
EUVD-2020-15961
Malware in sbrugna...
CVE-2020-22251
Cross Site Scripting XSS vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin...
CVE-2020-23217
A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module...
BIT-PHPLIST-2020-22251
Cross Site Scripting XSS vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin...
CVE-2020-22251
CVE-2020-22251 is a Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 exploitable via the login name field when adding a new administrator in Manage Administrators. Multiple connected sources corroborate the issue, describing an XSS condition arising from insufficient input handling on th...
CVE-2020-23209
A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module...
CVE-2020-23214
A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module...
CVE-2020-23217
A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module...
Cross site scripting
A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module...
Cross site scripting
A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module...
Cross site scripting
A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module...
CVE-2020-23217
A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module...
CVE-2020-23207
A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module...
PhpList 跨站脚本漏洞
phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist version 3.5.3. The vulnerability can be exploited to execute arbitrary web script or HTML via the "List Description" field under the "Edit List" module...
PT-2021-10857 · Phplist · Phplist
Name of the Vulnerable Software and Affected Versions: phplist version 3.5.3 Description: A stored cross site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Edit Values field under the Configure Attributes module...
Design/Logic Flaw
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters...
PT-2021-10889 · Phplist · Phplist
Name of the Vulnerable Software and Affected Versions: phpList version 3.5.3 Description: The issue allows for type juggling, enabling a login bypass. This occurs because the code uses == for comparing password hashes instead of ===, which incorrectly handles hashes starting with '0e' followed by...