phpList < 3.5.4 Multiple Vulnerabilities

phpList is prone to multiple vulnerabilities.

The following vulnerabilities exist: - CVE-2020-23207: Stored XSS allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Edit Values' field under the 'Configure Attributes' module - CVE-2020-23208: Stored XSS allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Send test' field under the 'Start or continue campaign' module - CVE-2020-23209: Stored XSS allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'List Description' field under the 'Edit A List' module - CVE-2020-23214: Stored XSS allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Configure categories' field under the 'Categorise Lists' module - CVE-2020-23217: Stored XSS allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Add a list' field under the 'Import Emails' module - CVE-2020-23361: Allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters

phpList version 3.5.3 and prior.

Checks if a vulnerable version is present on the target host.

Update to version 3.5.4 or later.