Description
Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.
Remediation
References
Related Vulnerabilities
WordPress Plugin Hotjar Connecticator Cross-Site Scripting (1.1.1)
WordPress Plugin WordPress Simple Shopping Cart Cross-Site Request Forgery (3.5)
Joomla! Core Multiple Cross-Site Scripting Vulnerabilities (2.5.0 - 3.9.1)
MODX Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-1010123)