CVE-2020-23214

Name of the Vulnerable Software and Affected Versions phplist version 3.5.3

Description A stored cross site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Configure categories field under the Categorise Lists module. This issue is related to the lack of protection measures for the web page structure, which can be exploited by a remote attacker to conduct cross-site scripting.

Recommendations For phplist version 3.5.3, consider disabling the Categorise Lists module or restricting access to the Configure categories field until a patch is available. Avoid using the Configure categories field in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.