phpList < 3.5.4 Multiple Vulnerabilities
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
phpList is prone to multiple vulnerabilities.
Insight
The following vulnerabilities exist:
- CVE-2020-23207: Stored XSS allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Edit Values' field under the 'Configure Attributes' module
- CVE-2020-23208: Stored XSS allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Send test' field under the 'Start or continue campaign' module
- CVE-2020-23209: Stored XSS allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'List Description' field under the 'Edit A List' module
- CVE-2020-23214: Stored XSS allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Configure categories' field under the 'Categorise Lists' module
- CVE-2020-23217: Stored XSS allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Add a list' field under the 'Import Emails' module
- CVE-2020-23361: Allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters
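The comparison flaw described for CVE-2020-23361, shown beside its hardened forms. This is an added example, not phpList's code and not part of the original advisory; the function names and hash strings are constructed for illustration.

```php
<?php
// Added illustration of the == vs === issue described for CVE-2020-23361.
// Not phpList source code: function names and hash values are constructed.

// Loose comparison: when both operands are numeric strings, PHP compares
// them as numbers. "0e<digits>" parses as 0 x 10^n, so any two such
// strings are treated as the same number.
function verifyLoose(string $storedHash, string $submittedHash): bool
{
    return $storedHash == $submittedHash;
}

// Strict comparison: both operands are compared as strings, with no
// numeric conversion.
function verifyStrict(string $storedHash, string $submittedHash): bool
{
    return $storedHash === $submittedHash;
}

// hash_equals(): string comparison that also runs in constant time for
// equal-length inputs, the usual choice when comparing digests.
function verifyConstantTime(string $storedHash, string $submittedHash): bool
{
    return hash_equals($storedHash, $submittedHash);
}

// Constructed 32-character values shaped like hex digests (not real hashes).
$cases = [
    'identical digests'      => ['a3f10c9e5b7d42e68801f3c2d4b6a790',
                                 'a3f10c9e5b7d42e68801f3c2d4b6a790'],
    'different, both 0e+digits' => ['0e123456789012345678901234567890',
                                    '0e987654321098765432109876543210'],
    'different, one has a letter' => ['0e123456789012345678901234567890',
                                      '0e12345678901234567890123456789a'],
];

foreach ($cases as $label => [$stored, $submitted]) {
    printf(
        "%-30s loose=%-5s strict=%-5s hash_equals=%s\n",
        $label,
        var_export(verifyLoose($stored, $submitted), true),
        var_export(verifyStrict($stored, $submitted), true),
        var_export(verifyConstantTime($stored, $submitted), true)
    );
}
```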
Affected Software
phpList version 3.5.3 and prior.
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Update to version 3.5.4 or later.
Common Vulnerabilities and Exposures (CVE)
References
- https://www.phplist.org/newslist/phplist-3-5-4-release-notes/
- https://github.com/phpList/phplist3/issues/664
- https://github.com/phpList/phplist3/issues/665
- https://github.com/phpList/phplist3/issues/666
- https://github.com/phpList/phplist3/issues/669
- https://github.com/phpList/phplist3/issues/672
- https://github.com/phpList/phplist3/issues/668