CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-10028 – EELV Newsletter Plugin lettreinfo.php style_newsletter cross site scripting
https://notcve.org/view.php?id=CVE-2013-10028
A vulnerability was found in EELV Newsletter Plugin 2.x on WordPress. It has been rated as problematic. Affected by this issue is the function style_newsletter of the file lettreinfo.php. The manipulation of the argument email leads to cross site scripting. The attack may be launched remotely. • https://github.com/wp-plugins/eelv-newsletter/commit/3339b42316c5edf73e56eb209b6a3bb3e868d6ed https://vuldb.com/?ctiid.230660 https://vuldb.com/?id.230660 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2007-6301 – OpenNewsletter 2.5 - 'Compose.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-6301
Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en compose.php de OpenNewsletter 2.5 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elección a través del parámetro type. • https://www.exploit-db.com/exploits/30853 http://secunia.com/advisories/27966 http://securityreason.com/securityalert/3427 http://www.securityfocus.com/archive/1/484680/100/0/threaded http://www.securityfocus.com/archive/1/484687/100/0/threaded http://www.securityfocus.com/bid/26745 https://exchange.xforce.ibmcloud.com/vulnerabilities/38902 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 2CVE-2006-6786 – open NewsLetter 2.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-6786
Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php. Open Newsletter 2.5 y anteriores permite a administradores autenticados remotamente ejecutar código PHP de su elección insertando él código en el parámetro email de (1) subscribe.php o (2) unsubscribe.php. • https://www.exploit-db.com/exploits/2981 http://www.securityfocus.com/bid/21775 •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2CVE-2006-6785 – open NewsLetter 2.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-6785
The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability. Las secuencias de comandos (1) settings.php y (2) subscribers.php en Open Newsletter 2.5 y anteriores no terminan cuando la autenticación falla, lo que permite a atacantes remotos ejecutar acciones administrativas no autorizadas, o ejecutar código de su elección en conjunción con otra vulnerabilidad. • https://www.exploit-db.com/exploits/2981 http://secunia.com/advisories/23476 http://www.securityfocus.com/bid/21775 •