Vulmon
campaign vulnerabilities and exploits
3.5
CVSSv2
CVE-2022-1776
The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin prior to 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Icegram Popups, Welcome Bar, Optins And Lead Generation Plugin
4.3
CVSSv2
CVE-2022-1407
The VikBooking Hotel Booking Engine & PMS WordPress plugin prior to 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them in attributes. As a result, attackers could make a logged in admin add tra...
Vikwp Hotel Booking Engine & Pms
3.5
CVSSv2
CVE-2022-1396
The Donorbox WordPress plugin prior to 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed
Donorbox Donorbox
4.3
CVSSv2
CVE-2021-42357
When using Apache Knox SSO before 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL w...
Apache Knox
5
CVSSv2
CVE-2021-40745
Adobe Campaign version 21.2.1 (and previous versions) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server.
Adobe Campaign
3.5
CVSSv2
CVE-2021-24793
The WPeMatico RSS Feed Fetcher WordPress plugin prior to 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Etruel Wpematico Rss Feed Fetcher
3.5
CVSSv2
CVE-2020-36398
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module.
Phplist Phplist
3.5
CVSSv2
CVE-2020-23208
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module.
Phplist Phplist 3.5.3
4.3
CVSSv2
CVE-2021-22888
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execut...
Revive-adserver Revive Adserver
5
CVSSv2
CVE-2021-21009
Adobe Campaign Classic Gold Standard 10 (and previous versions), 20.3.1 (and previous versions), 20.2.3 (and previous versions), 20.1.3 (and previous versions), 19.2.3 (and previous versions) and 19.1.7 (and previous versions) are affected by a server-side request forgery (SSRF) ...
Adobe Campaign Classic