CVSS: 5.3EPSS: 1%CPEs: 24EXPL: 0CVE-2012-2724
https://notcve.org/view.php?id=CVE-2012-2724
09 Jan 2020 — The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page. El módulo Simplenews versiones 6.x-1.x anteriores a 6.x-1.4, versiones 6.x-2.x anteriores a 6.x-2.0-alpha4 y versiones 7.x-1.x anteriores a 7.x-1.0-rc1 para Drupal, revela las direcciones de correo electrónico de ... • http://drupal.org/node/1619812 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0CVE-2013-4447
https://notcve.org/view.php?id=CVE-2013-4447
01 Nov 2013 — Cross-site scripting (XSS) vulnerability in the API in the Simplenews module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an email address. Vulnerabilidad Cross-site scripting (XSS) en el API del módulo Simplenews 6.x-1.x anterior a 6.x-1.5 y 7.x-1.x anterior a 7.x-1.1 para Drupal que permite a atacantes remotos inyectar secuencias arbitraria de comandos web o HTML a través de una dirección de correo electrónico. • http://osvdb.org/98628 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 15EXPL: 0CVE-2008-5996
https://notcve.org/view.php?id=CVE-2008-5996
28 Jan 2009 — Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Simplenews v5.x anterior a v5.x-1.5 y v6.x previo a v6.x-1.0-beta4, para Drupal, permite a usuarios autenticados remotamente con "adminis... • http://drupal.org/node/312944 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •