Filtered by vendor Phplist
Subscriptions
Filtered by product Phplist
Subscriptions
Total
38 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23207 | 1 Phplist | 1 Phplist | 2021-07-06 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module. | ||||
| CVE-2020-23190 | 1 Phplist | 1 Phplist | 2021-07-06 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2020-23214 | 1 Phplist | 1 Phplist | 2021-07-06 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Configure categories" field under the "Categorise Lists" module. | ||||
| CVE-2020-23217 | 1 Phplist | 1 Phplist | 2021-07-06 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module. | ||||
| CVE-2020-23192 | 1 Phplist | 1 Phplist | 2021-07-06 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the "admin" parameter under the "Manage administrators" module. | ||||
| CVE-2020-23194 | 1 Phplist | 1 Phplist | 2021-07-06 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2020-36398 | 1 Phplist | 1 Phplist | 2021-07-06 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module. | ||||
| CVE-2020-36399 | 1 Phplist | 1 Phplist | 2021-07-06 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module. | ||||
| CVE-2021-3188 | 1 Phplist | 1 Phplist | 2021-02-03 | 9.8 Critical |
| phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports. | ||||
| CVE-2020-35708 | 1 Phplist | 1 Phplist | 2020-12-28 | 7.2 High |
| phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page. | ||||
| CVE-2020-15072 | 1 Phplist | 1 Phplist | 2020-07-10 | 8.8 High |
| An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section. | ||||
| CVE-2020-15073 | 1 Phplist | 1 Phplist | 2020-07-10 | 5.4 Medium |
| An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section. | ||||
| CVE-2020-12639 | 1 Phplist | 1 Phplist | 2020-05-07 | 6.1 Medium |
| phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php. | ||||
| CVE-2006-5524 | 1 Phplist | 1 Phplist | 2018-10-17 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321. | ||||
| CVE-2008-6178 | 2 Fckeditor, Phplist | 2 Fckeditor, Phplist | 2017-09-29 | N/A |
| Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-3953 | 1 Phplist | 1 Phplist | 2017-08-29 | N/A |
| SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page. | ||||
| CVE-2012-3952 | 1 Phplist | 1 Phplist | 2017-08-29 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page. | ||||
| CVE-2014-2916 | 1 Phplist | 1 Phplist | 2015-08-01 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/. | ||||