8 matches found
CVE-2024-24131
CVE-2024-24131 affects SuperWebMailer, specifically version 9.31.0.01799, with a reflected cross-site scripting (XSS) vulnerability in the api.php component. The vulnerability allows unauthenticated attackers to execute arbitrary JavaScript in a victim’s browser, potentially enabling cookie or se...
CVE-2023-38192
CVE-2023-38192: SuperWebMailer 9.00.0.01710 contains a cross-site scripting (XSS) flaw in superadmincreate.php that can be triggered by crafted incorrect passwords. The issue is documented as an XSS risk with potential impact including unauthorized access or data theft per related sources. The pr...
CVE-2020-11546
SuperWebMailer CVE-2020-11546 affects version 7.21.0.01526. The vulnerability is a remote code execution in the Language parameter of mailingupgrade.php that allows an unauthenticated attacker to execute arbitrary PHP code via Code Injection. The NVD entry rates the impact as high/critical (CVSS ...
CVE-2023-38194
SuperWebMailer (v9.00.0.01710) is affected by a Cross-Site Scripting (XSS) in keepalive.php achievable via a GET parameter. Root cause: insufficient input validation and lack of proper output encoding in that script. Impact: could allow attackers to execute malicious scripts in a user’s browser, ...
CVE-2015-2349
The CVE-2015-2349 entry describes a cross-site scripting (XSS) vulnerability in SuperWebMailer’s defaultnewsletter.php affecting version 5.60.0.01190 and earlier. The flaw allows remote attackers to inject arbitrary web script or HTML through the HTMLForm parameter, enabling script execution in a...
CVE-2023-38193
CVE-2023-38193 affects SuperWebMailer 9.00.0.01710, where a crafted sendmail command line allows Remote Code Execution. The NVD entry assigns CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (base score 8.8), indicating high impact with network access, low privileges required, and no user inte...
CVE-2023-38190
CVE-2023-38190 affects SuperWebMailer 9.00.0.01710. The issue is an Export SQL Injection via the size parameter in the affected application. Root cause: exploitable SQL injection in the parameterized export flow, allowing an attacker to inject SQL commands. Impact per sources: data exposure, modi...
CVE-2023-38191
CVE-2023-38191 affects SuperWebMailer 9.00.0.01710, where an XSS flaw exists in spamtest_external.php triggered by a crafted filename. The issue is documented across multiple sources (NVD/Red Hat/CVE listings and related advisories) as a Cross-Site Scripting vulnerability in the spamtest_external...