CVE-2012-4247

Multiple cross-site scripting XSS vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the 1 remoteuser, 2 remotedatabase, 3 remoteuserprefix, 4 remotepassword, or 5 remoteprefix parameter to the import4 page; or the ...

BIT-PHPLIST-2020-36398

A stored cross site scripting XSS vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module...

phpList cross-site scripting vulnerability (CNVD-2021-48844)

phpList is an open source newsletter and email marketing software from phpList UK. A cross-site scripting vulnerability exists in phpList version 3.5.3, which can be exploited by adding a new administrator with the login field in the "Manage Administrators" section...

phplist cross-site scripting vulnerability (CNVD-2021-48521)

PhpList is a suite of open source newsletter and email marketing software from PhpList UK. A cross-site scripting vulnerability exists in the Import Email module in phplist 3.5.4, which can be exploited by an authenticated attacker to execute arbitrary Web script or HTML via a crafted payload...

PhpList Authentication Bypass Vulnerability (CNVD-2021-48845)

PhpList is a suite of open source newsletter and email marketing software from PhpList UK. A security vulnerability exists in phpList 3.5.3 that stems from the use of == instead of === for password hashing. No details of the vulnerability are provided at this time...

phpList Authentication Bypass Vulnerability

phpList is an open source newsletter and email marketing software from phpList UK. An authentication bypass vulnerability exists in phpList version 3.5.0, which can be exploited by remote attackers to bypass the authentication of an administrator's account, due to the program's failure to correct...