CVE-2020-15073

Опубликовано: 08 июл. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.

Ссылки

https://blog.telspace.co.za/2020/07/phplist-cve-2020-15072-cve-2020-15073.html
Exploit
Third Party Advisory
https://discuss.phplist.org/t/phplist-3-5-5-has-been-released/6377
Release Notes
Vendor Advisory
https://www.phplist.org/newslist/phplist-3-5-5-release-notes/
Release Notes
Vendor Advisory
https://blog.telspace.co.za/2020/07/phplist-cve-2020-15072-cve-2020-15073.html
Exploit
Third Party Advisory
https://discuss.phplist.org/t/phplist-3-5-5-has-been-released/6377
Release Notes
Vendor Advisory
https://www.phplist.org/newslist/phplist-3-5-5-release-notes/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phplist:phplist:*:*:*:*:*:*:*:*

Версия до 3.5.4 (включая)

EPSS

Процентиль: 62%

0.0043

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-15073

CVSS3: 5.4

debian

больше 5 лет назад

An issue was discovered in phpList through 3.5.4. An XSS vulnerability ...

GHSA-rvh8-jqf6-87pm

github

больше 3 лет назад