CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-22251
https://notcve.org/view.php?id=CVE-2020-22251
Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en phpList versión 3.5.3, por medio del campo login name en Manage Administrators al añadir un nuevo administrador • https://github.com/phpList/phplist3/issues/660 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36399
https://notcve.org/view.php?id=CVE-2020-36399
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versiones 3.5.4 y por debajo permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada en el parámetro "rule1" bajo el módulo "Bounce Rules" • https://github.com/phpList/phplist3/issues/675 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36398
https://notcve.org/view.php?id=CVE-2020-36398
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versiones 3.5.4 y por debajo permite a atacantes ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada en el campo "Campaign" bajo el módulo "Send a campaign" • https://github.com/phpList/phplist3/issues/676 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23194
https://notcve.org/view.php?id=CVE-2020-23194
A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en la funcionalidad "Import Subscribers" de phplist versiones 3.5.4 y por debajo permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada • https://github.com/phpList/phplist3/issues/678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23192
https://notcve.org/view.php?id=CVE-2020-23192
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module. Una vulnerabilidad de tipo cross site scripting (XSS) almacenada en phplist versiones 3.5.4 y por debajo permite a atacantes autenticados ejecutar scripts web o HTML arbitrario por medio de una carga útil diseñada en el parámetro "admin" en el módulo "Manage administrators" • https://github.com/phpList/phplist3/issues/671 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •