Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
newsletters vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-47517
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.23.11.6 versions.
Pressified Sendpress
4.8
CVSSv3
CVE-2023-41729
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions.
Pressified Sendpress
NA
CVE-2012-1297
Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and previous versions allow remote malicious users to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module...
Contao Contao Cms 2.1.20
Contao Contao Cms 2.2.6
Contao Contao Cms 2.4.0
Contao Contao Cms 2.2.4
Contao Contao Cms 2.5.9
Contao Contao Cms 2.6.2
Contao Contao Cms 2.4.6
Contao Contao Cms 2.4.3
Contao Contao Cms 2.6.1
Contao Contao Cms 2.2.5
Contao Contao Cms 2.7.6
Contao Contao Cms 2.8.4
Contao Contao Cms 2.1.8
Contao Contao Cms 2.6.4
Contao Contao Cms 2.1.19
Contao Contao Cms 2.1.15
Contao Contao Cms 2.1.2
Contao Contao Cms 2.1.16
Contao Contao Cms 2.10.3
Contao Contao Cms 2.2.0
Contao Contao Cms 2.2.1
Contao Contao Cms 2.3.4
1 EDB exploit
NA
CVE-2024-31352
Missing Authorization vulnerability in Email Subscribers & Newsletters.This issue affects Email Subscribers & Newsletters: from n/a up to and including 5.7.13.
NA
CVE-2024-32953
Insertion of Sensitive Information into Log File vulnerability in Newsletters.This issue affects Newsletters: from n/a up to and including 4.9.5.
NA
CVE-2024-32954
Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a up to and including 4.9.5.
4.8
CVSSv3
CVE-2020-29070
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
Oscommerce Oscommerce 2.3.4.1
1 Github repository
7.2
CVSSv3
CVE-2015-7342
JNews Joomla Component prior to 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.
Joobi Jnews
NA
CVE-2009-3334
SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote malicious users to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php.
Lhacky Com Jinc 0.2
1 EDB exploit
NA
CVE-2012-5537
The Simplenews Scheduler module 6.x-2.x prior to 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.
Simplenews Scheduler Project Simplenews Scheduler 6.x-2.0
Simplenews Scheduler Project Simplenews Scheduler 6.x-2.1
Simplenews Scheduler Project Simplenews Scheduler 6.x-2.2
Simplenews Scheduler Project Simplenews Scheduler 6.x-2.3
Simplenews Scheduler Project Simplenews Scheduler 6.x-2.x
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »