CVE-2017-20035: PHPList Subscribe Persistent cross site scriting
First published: Fri Jun 10 2022(Updated: )
A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| phpList | =3.2.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2017-20035?
CVE-2017-20035 is classified as problematic due to its potential for persistent cross-site scripting (XSS) attacks.
How do I fix CVE-2017-20035?
To fix CVE-2017-20035, you should upgrade PHPList to a version that addresses this vulnerability.
What are the consequences of exploiting CVE-2017-20035?
Exploiting CVE-2017-20035 can allow an attacker to execute malicious scripts in users' browsers, leading to unauthorized actions or data leakage.
Which versions of PHPList are affected by CVE-2017-20035?
CVE-2017-20035 specifically affects PHPList version 3.2.6.
Is CVE-2017-20035 a remote attack vector?
Yes, attacks exploiting CVE-2017-20035 can be initiated remotely.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/phplist
- canonical/phplist
- version/phplist/3.2.6