Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phplist phplist vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-23192
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module.
Phplist Phplist
5.4
CVSSv3
CVE-2020-23194
A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Phplist Phplist
4.8
CVSSv3
CVE-2020-22251
Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin.
Phplist Phplist
6.1
CVSSv3
CVE-2020-12639
phpList prior to 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php.
Phplist Phplist
5.4
CVSSv3
CVE-2020-36399
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module.
Phplist Phplist
6.1
CVSSv3
CVE-2020-13827
phpList prior to 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php.
Phplist Phplist
7.2
CVSSv3
CVE-2020-35708
phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.
Phplist Phplist 3.5.9
9.8
CVSSv3
CVE-2021-3188
phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.
Phplist Phplist 3.6.0
9.8
CVSSv3
CVE-2017-20029
A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been d...
Phplist Phplist 3.2.6
2.7
CVSSv3
CVE-2017-20031
A vulnerability was found in PHPList 3.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sortby with the input password leads to information disclosure. The attack can be launched remotely. The e...
Phplist Phplist 3.2.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »