CVE-2017-20034: PHPList List Name Persistent cross site scriting
First published: Fri Jun 10 2022(Updated: )
A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting (Persistent). The attack can be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| phpList | =3.2.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-20034?
CVE-2017-20034 has been classified as a problematic vulnerability.
How do I fix CVE-2017-20034?
To fix CVE-2017-20034, upgrade PHPList to a version newer than 3.2.6.
What type of vulnerability is CVE-2017-20034?
CVE-2017-20034 is classified as a cross-site scripting (XSS) vulnerability.
Can CVE-2017-20034 be exploited remotely?
Yes, CVE-2017-20034 can be exploited remotely.
Which component of PHPList is affected by CVE-2017-20034?
CVE-2017-20034 affects the List Name component in PHPList.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/phplist
- canonical/phplist
- version/phplist/3.2.6