Lucene search
K
SuperwebmailerSuperwebmailer

8 matches found

CVE
CVE
added 2024/02/07 12:0 a.m.97 views

CVE-2024-24131

CVE-2024-24131 affects SuperWebMailer, specifically version 9.31.0.01799, with a reflected cross-site scripting (XSS) vulnerability in the api.php component. The vulnerability allows unauthenticated attackers to execute arbitrary JavaScript in a victim’s browser, potentially enabling cookie or se...

6.1CVSS6AI score0.00924EPSS
CVE
CVE
added 2023/10/21 12:0 a.m.75 views

CVE-2023-38192

CVE-2023-38192: SuperWebMailer 9.00.0.01710 contains a cross-site scripting (XSS) flaw in superadmincreate.php that can be triggered by crafted incorrect passwords. The issue is documented as an XSS risk with potential impact including unauthorized access or data theft per related sources. The pr...

6.1CVSS5.9AI score0.01116EPSS
In wild
CVE
CVE
added 2020/07/14 7:16 p.m.73 views

CVE-2020-11546

SuperWebMailer CVE-2020-11546 affects version 7.21.0.01526. The vulnerability is a remote code execution in the Language parameter of mailingupgrade.php that allows an unauthenticated attacker to execute arbitrary PHP code via Code Injection. The NVD entry rates the impact as high/critical (CVSS ...

9.8CVSS9.9AI score0.3173EPSS
In wild
CVE
CVE
added 2023/10/21 12:0 a.m.63 views

CVE-2023-38194

SuperWebMailer (v9.00.0.01710) is affected by a Cross-Site Scripting (XSS) in keepalive.php achievable via a GET parameter. Root cause: insufficient input validation and lack of proper output encoding in that script. Impact: could allow attackers to execute malicious scripts in a user’s browser, ...

6.1CVSS5.8AI score0.0114EPSS
CVE
CVE
added 2015/03/19 2:0 p.m.53 views

CVE-2015-2349

The CVE-2015-2349 entry describes a cross-site scripting (XSS) vulnerability in SuperWebMailer’s defaultnewsletter.php affecting version 5.60.0.01190 and earlier. The flaw allows remote attackers to inject arbitrary web script or HTML through the HTMLForm parameter, enabling script execution in a...

4.3CVSS5.9AI score0.01927EPSS
CVE
CVE
added 2023/10/21 12:0 a.m.47 views

CVE-2023-38193

CVE-2023-38193 affects SuperWebMailer 9.00.0.01710, where a crafted sendmail command line allows Remote Code Execution. The NVD entry assigns CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (base score 8.8), indicating high impact with network access, low privileges required, and no user inte...

8.8CVSS8.8AI score0.01286EPSS
CVE
CVE
added 2023/10/21 12:0 a.m.44 views

CVE-2023-38190

CVE-2023-38190 affects SuperWebMailer 9.00.0.01710. The issue is an Export SQL Injection via the size parameter in the affected application. Root cause: exploitable SQL injection in the parameterized export flow, allowing an attacker to inject SQL commands. Impact per sources: data exposure, modi...

8.8CVSS9.1AI score0.00665EPSS
CVE
CVE
added 2023/10/20 12:0 a.m.40 views

CVE-2023-38191

CVE-2023-38191 affects SuperWebMailer 9.00.0.01710, where an XSS flaw exists in spamtest_external.php triggered by a crafted filename. The issue is documented across multiple sources (NVD/Red Hat/CVE listings and related advisories) as a Cross-Site Scripting vulnerability in the spamtest_external...

6.1CVSS5.8AI score0.00482EPSS