dark reading threat intel and cybersecurity news
Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-23207
PUBLISHED: 2021-07-01

A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Edit Values” field under the “Configure Attributes” module.

CVE-2020-23208
PUBLISHED: 2021-07-01

A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Send test” field under the “Start or continue campaign” module.

CVE-2020-23209
PUBLISHED: 2021-07-01

A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “List Description” field under the “Edit A List” module.

CVE-2020-23214
PUBLISHED: 2021-07-01

A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Configure categories” field under the “Categorise Lists” module.

CVE-2020-23217
PUBLISHED: 2021-07-01

A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the “Add a list” field under the “Import Emails” module.