CVE-2020-13827
https://notcve.org/view.php?id=CVE-2020-13827
phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. phpList versiones anteriores a 3.5.4, permite un ataque de tipo XSS por medio de los archivos /lists/admin/user.php y /lists/admin/users.php • https://www.phplist.org/newslist/phplist-3-5-4-release-notes https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-004 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-12639
https://notcve.org/view.php?id=CVE-2020-12639
phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php. phpList versiones anteriores a la versión 3.5.3, permiten un ataque de tipo XSS, dando como resultado una ascenso de privilegios, por medio del archivo lists/admin/template.php. • https://github.com/phpList/phplist3/compare/3.5.2...3.5.3 https://www.phplist.org/newslist/phplist-3-5-3-release-notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •