Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phplist vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-23214
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module.
Phplist Phplist 3.5.3
5.4
CVSSv3
CVE-2020-23217
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module.
Phplist Phplist 3.5.3
5.4
CVSSv3
CVE-2020-23190
A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Phplist Phplist 3.5.4
5.4
CVSSv3
CVE-2020-23207
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module.
Phplist Phplist 3.5.3
5.4
CVSSv3
CVE-2020-23208
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module.
Phplist Phplist 3.5.3
5.4
CVSSv3
CVE-2020-23209
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module.
Phplist Phplist 3.5.3
9.8
CVSSv3
CVE-2021-3188
phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.
Phplist Phplist 3.6.0
NA
CVE-2015-3345
SQL injection vulnerability in the PHPlist Integration Module prior to 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the "phpList database."
Phplist Integration Project Phplist Integration
NA
CVE-2009-4066
Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 prior to 5.x-1.2 and 6 prior to 6.x-1.1 for Drupal allow remote malicious users to hijack the authentication of arbitrary users via vectors related to ...
Drupal Drupal
Paul Beaney Phplist 5.x-1.x
Paul Beaney Phplist 6.x-1.x
Paul Beaney Phplist 6.x-1.0
Paul Beaney Phplist 5.x-1.0
Paul Beaney Phplist 5.x-1.1
NA
CVE-2005-2432
SQL injection vulnerability in PhpList allows remote malicious users to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin.
Tincan Phplist
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »