Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
newsletters vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2020-29070
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
Oscommerce Oscommerce 2.3.4.1
1 Github repository
NA
CVE-2024-32954
Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a up to and including 4.9.5.
7.2
CVSSv3
CVE-2015-7342
JNews Joomla Component prior to 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.
Joobi Jnews
9.8
CVSSv3
CVE-2023-51414
Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters.This issue affects EnvíaloSimple: Email Marketing y Newsletters: from n/a up to and including 2.1.
Donweb Envialosimple\\ Email Marketing Y Newsletters
NA
CVE-2009-3334
SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote malicious users to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php.
Lhacky Com Jinc 0.2
1 EDB exploit
NA
CVE-2012-5537
The Simplenews Scheduler module 6.x-2.x prior to 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.
Simplenews Scheduler Project Simplenews Scheduler 6.x-2.3
Simplenews Scheduler Project Simplenews Scheduler 6.x-2.2
Simplenews Scheduler Project Simplenews Scheduler 6.x-2.1
Simplenews Scheduler Project Simplenews Scheduler 6.x-2.0
Simplenews Scheduler Project Simplenews Scheduler 6.x-2.x
NA
CVE-2024-1588
The SendPress Newsletters WordPress plugin up to and including 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (...
NA
CVE-2024-1589
The SendPress Newsletters WordPress plugin up to and including 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (...
6.1
CVSSv3
CVE-2021-20743
Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.4 allows a remote malicious user to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operatio...
Ec-cube Email Newsletters Management
5.3
CVSSv3
CVE-2022-44005
An issue exists in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other person...
Backclick Backclick 5.9.63
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »