11 matches found
EUVD-2020-23926
Malware in sbrugna...
CVE-2020-36399
A stored cross site scripting XSS vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module...
BIT-PHPLIST-2020-23190
A stored cross site scripting XSS vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-23190
A stored cross site scripting XSS vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-23190
A stored cross site scripting XSS vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-36399
CVE-2020-36399 describes a stored cross-site scripting (XSS) vulnerability in phplist versions 3.5.4 and earlier, exploitable via a crafted payload in the “rule1” parameter under the “Bounce Rules” module. All connected sources corroborate that the issue is a client-side scripting vulnerability t...
CVE-2020-23194
CVE-2020-23194 is a stored XSS vulnerability in the phplist "Import Subscribers" feature, affecting phplist 3.5.4 and earlier. The root cause is an injectable payload that allows an authenticated attacker to execute arbitrary web scripts or HTML. The per-document details indicate exploitation via...
CVE-2020-23190
Phplist 3.5.4 is affected by a stored XSS in the Import emails module. An authenticated attacker can execute arbitrary web scripts or HTML via a crafted payload. Exploitation status is not detailed in the provided sources. Remediation guidance present in PT-2021-10853 recommends disabling the Imp...
phplist 跨站脚本漏洞
PhpList is a suite of open source newsletter and email marketing software from PhpList UK. A cross-site scripting vulnerability exists in the Import Email module in phplist 3.5.4, which can be exploited by an authenticated attacker to execute arbitrary Web script or HTML via a crafted payload...
PT-2021-12041 · Phplist · Phplist
Name of the Vulnerable Software and Affected Versions: phplist versions 3.5.4 and below Description: A stored cross site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rule1 parameter under the "Bounce Rules" module. Recommendations: For...
CVE-2020-15072
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section...