CVE-2020-23190
https://notcve.org/view.php?id=CVE-2020-23190
A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en el módulo "Import emails" en phplist versiones 3.5.4, permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada • https://github.com/phpList/phplist3/issues/667 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-23217
https://notcve.org/view.php?id=CVE-2020-23217
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versión 3.5.3, permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el campo "Add a list" bajo el módulo "Import Emails" • https://github.com/phpList/phplist3/issues/672 https://www.phplist.org/newslist/phplist-3-5-4-release-notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-23214
https://notcve.org/view.php?id=CVE-2020-23214
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versión 3.5.3, permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el campo "Configure categories" del módulo "Categorise Lists" • https://github.com/phpList/phplist3/issues/669 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-23209
https://notcve.org/view.php?id=CVE-2020-23209
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versión 3.5.3, permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el campo "List Description" en el módulo "Edit A List" • https://github.com/phpList/phplist3/issues/666 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-23208
https://notcve.org/view.php?id=CVE-2020-23208
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versión 3.5.3, permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada introducida en el campo "Send test" en el módulo "Start or continue campaign" • https://github.com/phpList/phplist3/issues/665 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •