12 matches found
EUVD-2021-8157
Malicious code in bioql PyPI...
CVE-2021-20743
Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin for EC-CUBE 3.0 series versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation...
CVE-2024-8628 Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin <= 1.2.70.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode in all versions up to, and including, 1.2.70.3 due to insufficient input sanitization and output escaping o...
Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation < 2.16.2 - Contributor+ Stored Cross-Site Scripting
Description The Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘campaignid’ parameter in versions up to, and including, 2.16.1 due to insufficient input sanitization and...
CVE-2021-20743
Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin for EC-CUBE 3.0 series versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation...
Cross site scripting
Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin for EC-CUBE 3.0 series versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation...
CVE-2021-20743
CVE-2021-20743 is a cross-site scripting vulnerability in the EC-CUBE Email newsletters management plugin for EC-CUBE 3.0.x, prior to plugin version 1.0.4 . The issue allows a remote attacker to cause an arbitrary script to run in a user’s browser by guiding them to a specially crafted page and p...
CVE-2021-20743
Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin for EC-CUBE 3.0 series versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation...
JVN#57524494: Multiple cross-site scripting vulnerabilities in multiple EC-CUBE plugins provided by EC-CUBE
Multiple EC-CUBE plugins provided by EC-CUBE CO.,LTD. contain multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20742 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L| Base Score: 7.1 CVSS v2|...
CVE-2020-5767
Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link...
MilkyStep vulnerable to cross-site scripting
Overview MilkyStep provided by Igreks Inc. contains a cross-site scripting vulnerability. MilkyStep provided by Igreks Inc. is a CGI for e-mail newsletter distribution management. MilkyStep contains a cross-site scripting vulnerability CWE-79. Kusano Kazuhiko reported this vulnerability to IPA...
SA-CONTRIB-2012-146 - Simplenews Scheduler - Arbitrary code execution
The Simplenews Scheduler module provides a system for creating automatic email newsletters. These can be set to be sent at a fixed interval, or PHP code can be entered to evaluate a condition for a new newsletter issue to be sent. The module allows a user with the 'send scheduled newsletters'...