Vulmon
campaign vulnerabilities and exploits
3.5
CVSSv2
CVE-2022-1396
The Donorbox WordPress plugin prior to 7.1.7 does not sanitise and escape its Campaign URL settings before outputting them in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed.
Donorbox Donorbox
3.5
CVSSv2
CVE-2020-23208
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module.
Phplist Phplist 3.5.3
7.5
CVSSv2
CVE-2012-4498
The Activism module 6.x-2.x prior to 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote malicious users to bypass access restrictions and possibly have other unspecified impact.
Morbus Iff Activism 6.x-2.0
Morbus Iff Activism 6.x-2.x
3.5
CVSSv2
CVE-2022-1776
The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin prior to 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
Icegram Popups, Welcome Bar, Optins And Lead Generation Plugin
4.3
CVSSv2
CVE-2011-0451
Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE prior to 2.4.4 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors...
Lockon Ec-cube
Lockon Ec-cube 2.1.2
Lockon Ec-cube 1.4.5
Lockon Ec-cube 1.4.0
Lockon Ec-cube 1.3.3
Lockon Ec-cube 1.3.0
Lockon Ec-cube 1.1.0
Lockon Ec-cube 2.11.0
Lockon Ec-cube 2.3.0
Lockon Ec-cube 2.2.1
Lockon Ec-cube 2.2.0
Lockon Ec-cube 1.4.6
Lockon Ec-cube 1.3.4
Lockon Ec-cube 1.4.1
Lockon Ec-cube 1.2.0
Lockon Ec-cube 1.3.1
Lockon Ec-cube 2.4.4
Lockon Ec-cube 2.4.1
Lockon Ec-cube 2.4.2
Lockon Ec-cube 2.0.1
Lockon Ec-cube 2.0.0
Lockon Ec-cube 1.5.0
3.5
CVSSv2
CVE-2016-9130
Revive Adserver prior to 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script.
Revive-adserver Revive Adserver
7.5
CVSSv2
CVE-2012-4990
SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote malicious users to execute arbitrary SQL commands via the ids[] parameter in a link action.
Openx Openx 2.8.10
3.5
CVSSv2
CVE-2021-24793
The WPeMatico RSS Feed Fetcher WordPress plugin prior to 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Etruel Wpematico Rss Feed Fetcher
6.5
CVSSv2
CVE-2017-6097
A SQL injection issue exists in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (requires authentication to WordPress admin) with the POST parameter camp_id.
Mail-masta Project Mail-masta 1.0
1 EDB exploit
4.3
CVSSv2
CVE-2021-22888
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execut...
Revive-adserver Revive Adserver