Phplist

Phplist

40 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2017-20036

Exploit
  • EPSS 0.21%
  • Veröffentlicht 10.06.2022 10:15:08
  • Zuletzt bearbeitet 21.11.2024 03:22:29

A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting (Persistent). It is possible to l...

4.8

CVE-2020-22251

Exploit
  • EPSS 0.26%
  • Veröffentlicht 06.07.2021 20:15:07
  • Zuletzt bearbeitet 21.11.2024 05:13:12

Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin.

9.8

CVE-2020-22249

Exploit
  • EPSS 2.65%
  • Veröffentlicht 06.07.2021 20:15:07
  • Zuletzt bearbeitet 21.11.2024 05:13:12

Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to th...

5.4

CVE-2020-36399

Exploit
  • EPSS 0.17%
  • Veröffentlicht 02.07.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 05:29:24

A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module.

5.4

CVE-2020-36398

Exploit
  • EPSS 0.19%
  • Veröffentlicht 02.07.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 05:29:24

A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module.

5.4

CVE-2020-23194

Exploit
  • EPSS 0.48%
  • Veröffentlicht 02.07.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 05:13:38

A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.

5.4

CVE-2020-23192

Exploit
  • EPSS 0.53%
  • Veröffentlicht 02.07.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 05:13:38

A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module.

5.4

CVE-2020-23190

Exploit
  • EPSS 0.53%
  • Veröffentlicht 02.07.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 05:13:38

A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.

5.4

CVE-2020-23214

Exploit
  • EPSS 0.26%
  • Veröffentlicht 01.07.2021 21:15:08
  • Zuletzt bearbeitet 21.11.2024 05:13:39

A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module.

5.4

CVE-2020-23217

Exploit
  • EPSS 0.26%
  • Veröffentlicht 01.07.2021 21:15:08
  • Zuletzt bearbeitet 21.11.2024 05:13:39

A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module.