PT-2020-6385 · Phplist · Phplist

Geek-Repo · Published 2020-05-18 · Updated 2024-03-06 · CVE-2020-22251

CVSS v2.0: 4.9 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

phplist version 3.5.3

Description

The issue is related to a lack of protection for the web page structure, allowing a remote attacker to perform cross-site scripting attacks. This can be achieved by creating a new username in the login name field within the Manage Administrators section. The estimated number of potentially affected devices is not provided.

Recommendations

For phplist version 3.5.3, consider disabling the ability to add new administrators or restricting access to the Manage Administrators section until a patch is available. Avoid using the login name field in the affected section to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-04423
BIT-PHPLIST-2020-22251
CVE-2020-22251

Affected Products

Phplist