CVE-2020-12639

CVE-2020-12639

EPSS 0.7%

phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/phpList/phplist3/compare/3.5.2...3.5.3 https://www.phplist.org/newslist/phplist-3-5-3-release-notes/