Hello,
I’m noticing that PHPList is using jQuery UI version 1.8.1; however, there is an XSS vulnerability in versions lower than 1.10.0:
https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-31126/Jquery-Jquery-Ui.html
Locations I could find:
\phplist-3.4.0-RC2\public_html\lists\admin\js\jquery-ui-1.8.1.all.min.js
\phplist-3.4.0-RC2\public_html\lists\admin\ui\default\js\all.js
\phplist-3.4.0-RC2\public_html\lists\admin\ui\default\js\all.min.js
I know that the release candidate updated other jQuery libraries. Perhaps this update can happen concurrently?
Regards,
Kathleen