CVSS: 6.1EPSS: 5%CPEs: 1EXPL: 1CVE-2007-6301 – OpenNewsletter 2.5 - 'Compose.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-6301
10 Dec 2007 — Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en compose.php de OpenNewsletter 2.5 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elección a través del parámetro type. • https://www.exploit-db.com/exploits/30853 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 9%CPEs: 2EXPL: 2CVE-2006-6785 – open NewsLetter 2.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-6785
28 Dec 2006 — The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability. Las secuencias de comandos (1) settings.php y (2) subscribers.php en Open Newsletter 2.5 y anteriores no terminan cuando la autenticación falla, lo que permite a atacantes remotos ejecutar acciones administrativas no autorizadas, o ejecut... • https://www.exploit-db.com/exploits/2981 •
CVSS: 7.2EPSS: 2%CPEs: 2EXPL: 2CVE-2006-6786 – open NewsLetter 2.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-6786
28 Dec 2006 — Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php. Open Newsletter 2.5 y anteriores permite a administradores autenticados remotamente ejecutar código PHP de su elección insertando él código en el parámetro email de (1) subscribe.php o (2) unsubscribe.php. • https://www.exploit-db.com/exploits/2981 •