Description phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php. Remediation References CVE-2020-12639 Related Vulnerabilities Oracle JRE CVE-2011-3563 Vulnerability (CVE-2011-3563) Jetty Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-7658) WordPress Plugin Image Optimizer by 10web-Image Optimizer and Compression Directory Traversal (1.0.25) PHP CVE-2012-1823 Vulnerability (CVE-2012-1823) Ruby Improper Input Validation Vulnerability (CVE-2015-1855) Severity Medium Classification CVE-2020-12639 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities