Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
campaign vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-23208
A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module.
Phplist Phplist 3.5.3
4.8
CVSSv3
CVE-2022-1396
The Donorbox WordPress plugin prior to 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed
Donorbox Donorbox
NA
CVE-2012-4498
The Activism module 6.x-2.x prior to 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote malicious users to bypass access restrictions and possibly have other unspecified impact.
Morbus Iff Activism 6.x-2.0
Morbus Iff Activism 6.x-2.x
5.4
CVSSv3
CVE-2022-1776
The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin prior to 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Icegram Popups\\, Welcome Bar\\, Optins And Lead Generation Plugin
NA
CVE-2011-0451
Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE prior to 2.4.4 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors...
Lockon Ec-cube
Lockon Ec-cube 2.1.2
Lockon Ec-cube 1.4.5
Lockon Ec-cube 1.4.0
Lockon Ec-cube 1.3.3
Lockon Ec-cube 1.3.0
Lockon Ec-cube 1.1.0
Lockon Ec-cube 2.11.0
Lockon Ec-cube 2.3.0
Lockon Ec-cube 2.2.1
Lockon Ec-cube 2.2.0
Lockon Ec-cube 1.4.6
Lockon Ec-cube 1.3.4
Lockon Ec-cube 1.4.1
Lockon Ec-cube 1.2.0
Lockon Ec-cube 1.3.1
Lockon Ec-cube 2.4.4
Lockon Ec-cube 2.4.1
Lockon Ec-cube 2.4.2
Lockon Ec-cube 2.0.1
Lockon Ec-cube 2.0.0
Lockon Ec-cube 1.5.0
5.4
CVSSv3
CVE-2016-9130
Revive Adserver prior to 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script.
Revive-adserver Revive Adserver
NA
CVE-2012-4990
SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote malicious users to execute arbitrary SQL commands via the ids[] parameter in a link action.
Openx Openx 2.8.10
4.8
CVSSv3
CVE-2021-24793
The WPeMatico RSS Feed Fetcher WordPress plugin prior to 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Etruel Wpematico Rss Feed Fetcher
7.2
CVSSv3
CVE-2017-6097
A SQL injection issue exists in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the POST Parameter: camp_id.
Mail-masta Project Mail-masta 1.0
1 EDB exploit
6.1
CVSSv3
CVE-2021-22888
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execut...
Revive-adserver Revive Adserver
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »