Description phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php. Remediation References CVE-2020-12639 Related Vulnerabilities Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-5379) Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-5336) ownCloud Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2015-7698) WordPress Plugin Calendar Event Multi View Multiple Vulnerabilities (1.1.4) WordPress Plugin Image Optimizer, Resizer and CDN-Sirv SQL Injection (1.3.1) Severity Medium Classification CVE-2020-12639 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities