Description

A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.

Remediation

References

CVE-2020-23194

Related Vulnerabilities

WordPress Plugin YITH Advanced Refund System for WooCommerce Security Bypass (1.0.10)

WordPress Plugin Another WordPress Classifieds Arbitrary File Upload (3.3.2)

ownCloud Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-0204)

Oracle JRE CVE-2013-5803 Vulnerability (CVE-2013-5803)

WordPress Plugin Google Analytics Dashboard Plugin for WordPress by MonsterInsights Multiple Cross-Site Scripting Vulnerabilities (4.2.4)

Severity

Medium

Classification

CVE-2020-23194 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities