phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php.Referenceshttps://www.phplist.org/newslist/phplist-3-5-4-release-notes/https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-004
