
CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin <= 8.6.2 versions.

The AcyMailing SMTP Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 8.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

• https://patchstack.com/database/vulnerability/acymailing/wordpress-acymailing-plugin-8-6-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS. This issue affects AcyMailing Enterprise component for Joomla: 6.7.0-8.6.3.

• https://extensions.joomla.org/extension/acymailing-starter
• https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list.

• https://extensions.joomla.org/extension/acymailing-starter
• https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-668: Exposure of Resource to Wrong Sphere

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized users to create new mailing lists.

• https://extensions.joomla.org/extension/acymailing-starter
• https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates
• CWE-284: Improper Access Control

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns.

• https://extensions.joomla.org/extension/acymailing-starter
• https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates
• CWE-284: Improper Access Control