EPSS
Percentile
40.7%
phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php.
www.phplist.org/newslist/phplist-3-5-4-release-notes/
www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-004