Description
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module.
Remediation
References
Related Vulnerabilities
XOOPS Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-0613)
WordPress Plugin All-in-One Event Calendar Multiple Vulnerabilities (1.9)
WordPress Plugin Opal Estate Cross-Site Request Forgery (1.6.11)
WordPress Plugin Click to Copy Grab Box Multiple Cross-Site Scripting Vulnerabilities (0.1.1)