CVE-2020-13827

CVE-2020-13827

phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php.

Source: CVE-2020-13827