5 matches found
CVE-2012-6628
Multiple cross-site scripting XSS vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 xyzemcampName to admin/createcampaign.php or 2 admin/editcampaign.php, 3 xyzememail parameter to admin/editemail.ph...
CVE-2012-6627
Cross-site scripting XSS vulnerability in admin/testmail.php in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2012-6628
Multiple cross-site scripting XSS vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 xyzemcampName to admin/createcampaign.php or 2 admin/editcampaign.php, 3 xyzememail parameter to admin/editemail.ph...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change an email address or 2 conduct script insertion attacks. NOTE: the provenance o...
CVE-2012-6628
CVE-2012-6628 reports multiple cross-site scripting (XSS) vulnerabilities in the WordPress Newsletter Manager plugin before 1.0.2. The issue allows remote attackers to inject arbitrary script/HTML via one of five vectors: (1) xyz_em_campName to admin/create_campaign.php, (2) xyz_em_campName to ad...