Page 3 of 46 results (0.002 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versiones 3.5.4 y por debajo permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada en el parámetro "rule1" bajo el módulo "Bounce Rules" • https://github.com/phpList/phplist3/issues/675 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versiones 3.5.4 y por debajo permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada en el campo "Campaign" bajo el módulo "Send a campaign" • https://github.com/phpList/phplist3/issues/676 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en la funcionalidad "Import Subscribers" de phplist versiones 3.5.4 y por debajo permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada • https://github.com/phpList/phplist3/issues/678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versiones 3.5.4 y por debajo permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada en el parámetro "admin" en el módulo "Manage administrators" • https://github.com/phpList/phplist3/issues/671 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versión 3.5.3, permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el campo "Add a list" bajo el módulo "Import Emails" • https://github.com/phpList/phplist3/issues/672 https://www.phplist.org/newslist/phplist-3-5-4-release-notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •