pkg:Bitnami/phplist
21 total CVEsCRITICAL4HIGH2MEDIUM15
✅ Check your installed version
All known vulnerabilities
- >= 3.5.1, <= 3.5.1
- CRITICAL9.8CVE-2020-23361phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that beg…>= 3.5.3, <= 3.5.3
- CRITICAL9.8CVE-2020-8547phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes th…>= 3.5.0, <= 3.5.0
- CRITICAL9.8CVE-2021-3188phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.>= 3.6.0, <= 3.6.0
- from 0, < 3.5.4
- HIGH7.2CVE-2020-35708phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.>= 3.5.9, <= 3.5.9
- >= 3.6.12, <= 3.6.12
- MEDIUM6.1CVE-2020-12639phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php.from 0, < 3.5.3
- MEDIUM6.1CVE-2020-13827phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php.from 0, < 3.5.4
- from 0, < 3.5.4
- MEDIUM5.4CVE-2020-23190A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute…>= 3.5.4, <= 3.5.4
- MEDIUM5.4CVE-2020-23192A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web script…from 0, < 3.5.4
- MEDIUM5.4CVE-2020-23194A stored cross site scripting (XSS) vulnerability in the "Import Subscribers" feature in phplist 3.5.4 and below allows authenticated attac…from 0, < 3.5.4
- MEDIUM5.4CVE-2020-23207A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted…>= 3.5.3, <= 3.5.3
- MEDIUM5.4CVE-2020-23208A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted…>= 3.5.3, <= 3.5.3
- MEDIUM5.4CVE-2020-23209A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted…>= 3.5.3, <= 3.5.3
- MEDIUM5.4CVE-2020-23214A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted…>= 3.5.3, <= 3.5.3
- MEDIUM5.4CVE-2020-23217A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted…>= 3.5.3, <= 3.5.3
- MEDIUM5.4CVE-2020-36398A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via…from 0, < 3.5.4
- MEDIUM5.4CVE-2020-36399A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via…from 0, < 3.5.4
- MEDIUM4.8CVE-2020-22251Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin.from 0, < 3.5.3