BIT-phplist-2020-15073

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/phplist/BIT-phplist-2020-15073.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-phplist-2020-15073

Aliases

CVE-2020-15073

Published

2024-03-06T11:04:21.405Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.

Database specific

{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:phplist:phplist:*:*:*:*:*:*:*:*"
    ]
}

References

https://blog.telspace.co.za/2020/07/phplist-cve-2020-15072-cve-2020-15073.html
https://discuss.phplist.org/t/phplist-3-5-5-has-been-released/6377
https://www.phplist.org/newslist/phplist-3-5-5-release-notes/

Affected packages

Bitnami / phplist

Package

Name: phplist
Purl: pkg:bitnami/phplist

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.4