CVE-2020-23209

Name of the Vulnerable Software and Affected Versions phplist version 3.5.3

Description A stored cross site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the List Description field under the Edit A List module. This enables attackers to potentially manipulate the web application's behavior or steal user data.

Recommendations For phplist version 3.5.3, update to a newer version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Edit A List module to minimize the risk of exploitation. Additionally, avoid using the List Description field until the issue is resolved.