CVE-2020-15073

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-15073

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15073.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-15073

Aliases

BIT-phplist-2020-15073

Published

2020-07-08T20:15:10.350Z

Modified

2026-03-14T10:06:34.143415Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.

References

Affected packages

Git / github.com/phplist/phplist3

Affected ranges

Type

GIT

Repo

https://github.com/phplist/phplist3

Events

Introduced

Last affected

1beb05d51cc707e5b9c7bf614a11843a764b8bca

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.4"
        }
    ]
}

Affected versions

3.*

3.2.0

3.2.0-RC1

3.3.0

3.3.2

3.3.3

3.3.6

3.4.4

3.4.5

3.4.6

3.4.7

3.4.8

3.4.9

3.5.0

3.5.1

3.5.2

3.5.3

3.5.4

v.*

v.3.2.2

v.3.3.4

v.3.3.5

v.3.3.7

v.3.3.8

v.3.4.2

v3.*

v3.2.1

v3.2.3

v3.2.4

v3.2.7

v3.3.1

v3.3.8

v3.3.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15073.json"