CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36399
https://notcve.org/view.php?id=CVE-2020-36399
02 Jul 2021 — A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versiones 3.5.4 y por debajo permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada en el parámetro "rule1" bajo el módulo "Bounce Rules" • https://github.com/phpList/phplist3/issues/675 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36398
https://notcve.org/view.php?id=CVE-2020-36398
02 Jul 2021 — A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versiones 3.5.4 y por debajo permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada en el campo "Campaign" bajo el módulo "Send a campaign" • https://github.com/phpList/phplist3/issues/676 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23194
https://notcve.org/view.php?id=CVE-2020-23194
02 Jul 2021 — A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en la funcionalidad "Import Subscribers" de phplist versiones 3.5.4 y por debajo permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada • https://github.com/phpList/phplist3/issues/678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23192
https://notcve.org/view.php?id=CVE-2020-23192
02 Jul 2021 — A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versiones 3.5.4 y por debajo permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada en el parámetro "admin" en el módulo "Manage administrators" • https://github.com/phpList/phplist3/issues/671 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23190
https://notcve.org/view.php?id=CVE-2020-23190
02 Jul 2021 — A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en el módulo "Import emails" en phplist versiones 3.5.4, permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada • https://github.com/phpList/phplist3/issues/667 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23217
https://notcve.org/view.php?id=CVE-2020-23217
01 Jul 2021 — A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versión 3.5.3, permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el campo "Add a list" bajo el módulo "Import Emails" • https://github.com/phpList/phplist3/issues/672 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23214
https://notcve.org/view.php?id=CVE-2020-23214
01 Jul 2021 — A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versión 3.5.3, permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el campo "Configure categories" del módulo "Categorise Lists" • https://github.com/phpList/phplist3/issues/669 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23209
https://notcve.org/view.php?id=CVE-2020-23209
01 Jul 2021 — A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versión 3.5.3, permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el campo "List Description" en el módulo "Edit A List" • https://github.com/phpList/phplist3/issues/666 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23208
https://notcve.org/view.php?id=CVE-2020-23208
01 Jul 2021 — A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versión 3.5.3, permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el campo "Send test" en el módulo "Start or continue campaign" • https://github.com/phpList/phplist3/issues/665 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23207
https://notcve.org/view.php?id=CVE-2020-23207
01 Jul 2021 — A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versión 3.5.3, permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el campo "Edit Values" bajo el módulo "Configure Attributes" • https://github.com/phpList/phplist3/issues/664 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •