Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Phplist Subscribe
Total 38 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-23194 1 Phplist 1 Phplist 2021-07-06 3.5 LOW 5.4 MEDIUM
A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2020-36398 1 Phplist 1 Phplist 2021-07-06 3.5 LOW 5.4 MEDIUM
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module.
CVE-2020-36399 1 Phplist 1 Phplist 2021-07-06 3.5 LOW 5.4 MEDIUM
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module.
CVE-2021-3188 1 Phplist 1 Phplist 2021-02-03 10.0 HIGH 9.8 CRITICAL
phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.
CVE-2020-35708 1 Phplist 1 Phplist 2020-12-28 6.5 MEDIUM 7.2 HIGH
phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.
CVE-2020-15072 1 Phplist 1 Phplist 2020-07-10 6.5 MEDIUM 8.8 HIGH
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section.
CVE-2020-15073 1 Phplist 1 Phplist 2020-07-10 3.5 LOW 5.4 MEDIUM
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.
CVE-2020-12639 1 Phplist 1 Phplist 2020-05-07 4.3 MEDIUM 6.1 MEDIUM
phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php.
CVE-2006-5524 1 Phplist 1 Phplist 2018-10-17 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321.
CVE-2008-6178 2 Fckeditor, Phplist 2 Fckeditor, Phplist 2017-09-28 7.5 HIGH N/A
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information.
CVE-2012-3952 1 Phplist 1 Phplist 2017-08-28 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.
CVE-2012-3953 1 Phplist 1 Phplist 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.
CVE-2004-2744 1 Phplist 1 Mailing List Manager 2017-07-28 5.0 MEDIUM N/A
Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vectors, related to a "security update release."
CVE-2014-2916 1 Phplist 1 Phplist 2015-07-31 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/.
CVE-2012-2741 1 Phplist 1 Phplist 2012-09-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action.
CVE-2012-2740 1 Phplist 1 Phplist 2012-09-12 7.5 HIGH N/A
SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action.
CVE-2012-4247 1 Phplist 1 Phplist 2012-08-13 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page.
CVE-2012-4246 1 Phplist 1 Phplist 2012-08-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page.