CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.

• https://www.exploit-db.com/exploits/30853
• http://secunia.com/advisories/27966
• http://securityreason.com/securityalert/3427
• http://www.securityfocus.com/archive/1/484680/100/0/threaded
• http://www.securityfocus.com/archive/1/484687/100/0/threaded
• http://www.securityfocus.com/bid/26745
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38902
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 2 | EXPL: 2

Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php.

• https://www.exploit-db.com/exploits/2981
• http://www.securityfocus.com/bid/21775

CVSS: 7.5 | EPSS: 1% | CPEs: 2 | EXPL: 2

The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability.

• https://www.exploit-db.com/exploits/2981
• http://secunia.com/advisories/23476
• http://www.securityfocus.com/bid/21775