Description
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module.
Remediation
References
Related Vulnerabilities
Jenkins Improper Input Validation Vulnerability (CVE-2021-21639)
WordPress Plugin WP-Members Membership Cross-Site Scripting (3.1.4.1)
MySQL CVE-2021-2193 Vulnerability (CVE-2021-2193)
WordPress Plugin Brandfolder-Digital Asset Management Simplified Local/Remote File Inclusion (3.0)
WordPress Plugin All 404 Redirect to Homepage Cross-Site Scripting (1.21)