Description

An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.

Remediation

References

CVE-2020-15073

Related Vulnerabilities

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-1003050)

Apache Tomcat Other Vulnerability (CVE-2015-5346)

Magento Session Fixation Vulnerability (CVE-2019-8116)

WordPress Plugin ICustomizer Cross-Site Scripting (1.4.13)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8157)

Severity

Medium

Classification

CVE-2020-15073 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities