Phplist: >> Phplist >> 3.5.3 Security Vulnerabilities
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-07-01
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-07-01
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-01-27
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section.
CVSS Score
8.8
EPSS Score
0.006
Published
2020-07-08
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.
CVSS Score
5.4
EPSS Score
0.004
Published
2020-07-08
phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-06-04
Page 2