CVE-2020-15073

Description

An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.

How to fix CVE-2020-15073

To remediate CVE-2020-15073, upgrade the affected package to a fixed version below.

Bitnami/phplist—upgrade to 3.5.4 or later

Is CVE-2020-15073 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 3.5.4

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References (3)

WEBblog.telspace.co.za/2020/07/phplist-cve-2020-15072-cve-2020-15073.html
WEBdiscuss.phplist.org/t/phplist-3-5-5-has-been-released/6377
WEBwww.phplist.org/newslist/phplist-3-5-5-release-notes/