Описание
AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office.
This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.
Ссылки
- Release Notes
- Third Party Advisory
- Release Notes
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.3.0 (исключая)
cpe:2.3:a:acymailing:acymailing:*:*:*:*:*:joomla\!:*:*
EPSS
Процентиль: 37%
0.00157
Низкий
7.2 High
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-20
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
почти 3 года назад
AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.
EPSS
Процентиль: 37%
0.00157
Низкий
7.2 High
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-20
CWE-79