CVE-2020-15073: XSS
First published: Wed Jul 08 2020(Updated: )
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHPList | <=3.5.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-15073?
The severity of CVE-2020-15073 is classified as medium due to the potential for cross-site scripting attacks.
How do I fix CVE-2020-15073?
To fix CVE-2020-15073, upgrade phpList to version 3.5.5 or newer.
What components of phpList are affected by CVE-2020-15073?
CVE-2020-15073 affects the Import Administrators section and the Subscriber Lists section of phpList.
What type of vulnerability is CVE-2020-15073?
CVE-2020-15073 is an XSS (cross-site scripting) vulnerability.
Can CVE-2020-15073 be exploited remotely?
Yes, CVE-2020-15073 can be exploited remotely through the upload functionality in the affected sections.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/phplist
- canonical/phplist
- version/phplist/3.5.4