CVE-2017-20033

Name of the Vulnerable Software and Affected Versions PHPList versions 3.2.6

Description A problematic issue has been found in PHPList, affecting an unknown part of the file /lists/admin/. The manipulation of the page argument with the input send'";><script>alert(8)</script> leads to cross site scripting (Reflected). It is possible to initiate the attack remotely.

Recommendations For PHPList version 3.2.6, upgrade to version 3.3.1 to address this issue. As a temporary workaround, consider restricting access to the /lists/admin/ endpoint until the upgrade is applied.