Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)

The CAPTCHA of the extension can be bypassed which may result in automated creation of various newsletter subscribers. It is possible to provide arbitrary subscription UIDs to the deleteAction of the extension resulting in all newsletter subscribers to be unsubscribed. Insufficient access checks ...

talk.devuan.org XSS vulnerability

Vulnerable URL: https://talk.devuan.org/email/[email protected]%27%22%3E%3Csvg/onload=alert/openbugbounty/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 13.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknow...

discourse.appsoluut.com XSS vulnerability

Vulnerable URL: https://discourse.appsoluut.com/email/[email protected]%27%22%3E%3Csvg/onload=alert/openbugbounty/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 13.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank...

Nextcloud: Enumeration of subscribed users and unauthenticated email unsubscriptions on https://newsletter.nextcloud.com/?p=unsubscribe

Hello, The mentioned URL contains a form that, when supplied correct user emails, unsubscribes users from the newsletters they're subscribed to. If the user is not subscribed, the form returns a message that says that the user is not subscribed if this is the case. Regards...