59 matches found
Code injection
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron...
CVE-2012-5537
The vulnerability CVE-2012-5537 affects the Simplenews Scheduler module for Drupal (6.x-2.x series) prior to 6.x-2.4. An authenticated user with the 'send scheduled newsletters' permission can inject arbitrary PHP code into the scheduling form, which is later executed by cron, enabling code execu...
CVE-2012-5537
The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron...
SA-CONTRIB-2012-095 - Simplenews - Information Disclosure
Simplenews publishes and sends newsletters. When subscribing to a Simplenews mailing list, confirmation may be required, and Simplenews may disclose the user's e-mail address on the confirmation page. Further, due to the absence of a noindex tag, the list of e-mail addresses can subsequently be...
SA-CONTRIB-2010-089 - Simplenews Content Selection - Cross Site Scripting
This module allows you to select content from your website and send a newsletter with the selected content. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting (XSS) vulnerability that may lead to a malicious user gaining full...
SA-CONTRIB-2010-055 - Simplenews - Access bypass
Simplenews publishes and sends email newsletters to lists of subscribers, with both anonymous and authenticated users being able to opt-in to mailing lists. The user subscription form does not use the correct access permission resulting in any user with the permission 'subscribe to newsletters'...
CVE-2009-3783
Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector...
Open redirect
Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors...
CVE-2009-3784
Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2009-3785
Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector...
CVE-2009-3784
CVE-2009-3784 corresponds to an open redirect flaw in the Simplenews Statistics Drupal module (6.x) prior to 6.x-2.0. The vulnerability allows remote attackers to redirect users to arbitrary websites, enabling phishing-style attacks via unspecified vectors. Affected product/label: Drupal module S...
CVE-2009-3784
Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2009-3783
Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector...
CVE-2009-3783
CVE-2009-3783 affects the Drupal module Simplenews Statistics (6.x) prior to 6.x-2.0. The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via an unspecified vector. The base CVSS v2 score is 4.3 (Medium) with no confidentiali...
CVE-2009-3785
CVE-2009-3785 involves multiple CSRF vulnerabilities in the Drupal module Simplenews Statistics (6.x prior to 6.x-2.0). The NVD entry describes that remote attackers can hijack the authentication of arbitrary users via unknown vectors, affecting modules used with Drupal. The NVD metrics assign a ...
CVE-2009-3785
Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors...
Drupal SA-CONTRIB-2009-080: Simplenews Statistics Open Redirect
The version of Drupal running on the remote web server includes the third-party Simplenews Statistics module, which provides newsletter statistics such as open and click-through rates. The version of Simplenews Statistics installed contains an open redirect, which can be used in a phishing attack...
SA-CONTRIB-2009-080 - Simplenews Statistics - Multiple vulnerabilities
The Simplenews Statistics module provides newsletter statistics such as the open rate and CTR (click-through rate). The module suffers multiple vulnerabilities, including Cross Site Request Forgeries (CSRF), Cross Site Scripting (XSS) and Open Redirect. This problem allows an...