Lucene search

Superwebmailer Security Vulnerabilities

cve

CVE-2015-2349

Cross-site scripting (XSS) vulnerability in defaultnewsletter.php in SuperWebMailer 5.60.0.01190 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTMLForm parameter.

5.9AI Score

0.002EPSS

2015-03-19 02:59 PM

cve

CVE-2020-11546

SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection.

9.8CVSS

9.9AI Score

0.967EPSS

2020-07-14 08:15 PM

cve

CVE-2023-38190

An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter.

8.8CVSS

9.1AI Score

0.001EPSS

2023-10-21 01:15 AM

cve

CVE-2023-38191

An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spamtest_external.php XSS via a crafted filename.

6.1CVSS

5.8AI Score

0.001EPSS

2023-10-20 10:15 PM

cve

CVE-2023-38192

An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords.

6.1CVSS

5.9AI Score

0.001EPSS

2023-10-21 01:15 AM

cve

CVE-2023-38193

An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line.

8.8CVSS

8.8AI Score

0.002EPSS

2023-10-21 01:15 AM

cve

CVE-2023-38194

An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter.

6.1CVSS

5.8AI Score

0.001EPSS

2023-10-21 01:15 AM

cve

CVE-2024-24131

SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.

6.1CVSS

6AI Score

0.001EPSS

2024-02-07 02:15 PM