CVE-2020-13827

CVE-2020-13827

EPSS 0.8%

phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.phplist.org/newslist/phplist-3-5-4-release-notes/https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-004