CVE-2020-15073

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-15073

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15073.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-15073

Aliases

BIT-phplist-2020-15073

Published

2020-07-08T20:15:10Z

Modified

2024-10-12T06:10:17.859459Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.

References

Affected packages

Git / github.com/phplist/phplist3

Affected ranges

Type: GIT
Repo: https://github.com/phplist/phplist3
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1beb05d51cc707e5b9c7bf614a11843a764b8bca

Affected versions

3.*

3.2.0

3.2.0-RC1

3.3.0

3.3.2

3.3.3

3.3.6

3.4.4

3.4.5

3.4.6

3.4.7

3.4.8

3.4.9

3.5.0

3.5.1

3.5.2

3.5.3

3.5.4

v.*

v.3.2.2

v.3.3.4

v.3.3.5

v.3.3.7

v.3.3.8

v.3.4.2

v3.*

v3.2.1

v3.2.3

v3.2.4

v3.2.7

v3.3.1

v3.3.8

v3.3.9