The Simplenews module 6.x-1.x prior to 6.x-1.4, 6.x-2.x prior to 6.x-2.0-alpha4, and 7.x-1.x prior to 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote malicious users to obtain sensitive information via the confirmation page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
md-systems simplenews 6.x-1.0 |
||
md-systems simplenews 6.x-1.1 |
||
md-systems simplenews 6.x-1.2 |
||
md-systems simplenews 6.x-1.3 |
||
md-systems simplenews 6.x-2.0 |
||
md-systems simplenews 6.x-2.x |
||
md-systems simplenews 7.x-1.0 |