5207 matches found
Cross site scripting
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module...
CVE-2020-36415
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Create a new Stylesheet" parameter under the "Stylesheets" module...
CVE-2020-36415
CMS Made Simple 2.2.14 is affected by a stored XSS in the Stylesheets module (Create a new Stylesheet field). Authenticated users can inject arbitrary web scripts through this parameter, potentially impacting data integrity and user sessions. No remediation details are provided in the supplied do...
CVE-2020-36413
CVE-2020-36413 affects CMS Made Simple 2.2.14 and describes a stored XSS vulnerability: an authenticated user can inject arbitrary web scripts/HTML via the Maintenance Mode parameter “Exclude these IP addresses from the Site Down state.” The CVE details indicate low to moderate impact per CVSS da...
CVE-2020-36413
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the "Site Down" status" parameter under the "Maintenance Mode" module...
CVE-2020-36412
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Search Text" field under the "Admin Search" module...
CVE-2020-36410
CMS Made Simple 2.2.14 contains a stored XSS vulnerability in the Options module. An authenticated attacker can submit a crafted payload to the "Email address to receive notification of news submission" parameter, leading to execution of arbitrary web scripts/HTML. Multiple connected sources corr...
CVE-2020-36408
CMS Made Simple 2.2.14 is affected by a stored XSS via the Add Shortcut field in the Manage Shortcuts module. Exploitation requires authentication, enabling attackers to inject and execute arbitrary web scripts or HTML in the context of the affected site. Affected product/version: CMS Made Simple...
CVE-2020-36398
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module...
CVE-2020-36396
A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter...
CVE-2020-23194
A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-23192
CVE-2020-23192 is a stored XSS in phplist ≤ 3.5.4, exploitable by an authenticated user via a crafted payload in the admin parameter of the Manage Administrators module. The vulnerability can lead to execution of arbitrary web scripts/HTML. Public technical details are provided by multiple source...
CVE-2020-23190
A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-23185
CVE-2020-23185 is a stored XSS vulnerability in PHP-Fusion 9.03.60, exploitable via /administration/setting_security.php. An authenticated attacker can inject and trigger arbitrary web scripts/HTML. Multiple connected sources (Red Hat, CNVD/CNNVD entries, NVD) confirm the same issue and target pa...
CVE-2020-23185
A stored cross site scripting (XSS) vulnerability in /administration/settingsecurity.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-23184
A stored cross site scripting (XSS) vulnerability in /administration/settingsregistration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field...
CVE-2020-23181
A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field...
phpList < 3.5.4 Multiple Vulnerabilities
phpList is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phplist:phplist"; if description...
CVE-2020-23208
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module...
CVE-2020-23217
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module...