Description
A stored cross site scripting (XSS) vulnerability in the "Import emails" module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
Remediation
References
Related Vulnerabilities
Mailman Other Vulnerability (CVE-2002-0855)
WordPress Plugin External 'Video for Everybody' Cross-Site Scripting (2.0)
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.11)
WordPress Plugin Backup and Staging by WP Time Capsule PHP Object Injection (1.21.9)
Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2022-42129)