Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
newsletters vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-32954
Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a up to and including 4.9.5.
312
VMScore
CVE-2020-29070
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
Oscommerce Oscommerce 2.3.4.1
1 Github repository
578
VMScore
CVE-2015-7342
JNews Joomla Component prior to 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.
Joobi Jnews
NA
CVE-2023-51414
Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters.This issue affects EnvíaloSimple: Email Marketing y Newsletters: from n/a up to and including 2.1.
Donweb Envialosimple\\ Email Marketing Y Newsletters
755
VMScore
CVE-2009-3334
SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote malicious users to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php.
Lhacky Com Jinc 0.2
1 EDB exploit
534
VMScore
CVE-2012-5537
The Simplenews Scheduler module 6.x-2.x prior to 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.
Simplenews Scheduler Project Simplenews Scheduler 6.x-2.3
Simplenews Scheduler Project Simplenews Scheduler 6.x-2.2
Simplenews Scheduler Project Simplenews Scheduler 6.x-2.1
Simplenews Scheduler Project Simplenews Scheduler 6.x-2.0
Simplenews Scheduler Project Simplenews Scheduler 6.x-2.x
NA
CVE-2024-1588
The SendPress Newsletters WordPress plugin up to and including 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (...
NA
CVE-2024-1589
The SendPress Newsletters WordPress plugin up to and including 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (...
383
VMScore
CVE-2021-20743
Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin (for EC-CUBE 3.0 series) versions prior to version 1.0.4 allows a remote malicious user to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operatio...
Ec-cube Email Newsletters Management
NA
CVE-2022-44005
An issue exists in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other person...
Backclick Backclick 5.9.63
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »