Skip to main content

Acymailing CVE-2023-28733

MEDIUM
Improper Input Validation (CWE-20)
2023-03-30 vulnerability@ncsc.ch
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 30, 2023 - 12:15 nvd
MEDIUM 6.1

DescriptionNVD

AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office.

This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.

AnalysisAI

AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office.3.0. Affected products include: Acymailing.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-28731 CRITICAL POC
9.8 Mar 30

AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campai

CVE-2018-9107 HIGH POC
8.8 Mar 28

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing exte

CVE-2021-24288 MEDIUM POC
6.1 May 17

When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Rated medium severity (CVSS 6.1),

CVE-2024-7384 HIGH
8.8 Aug 22

The AcyMailing - An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is v

CVE-2023-28732 HIGH
7.5 Mar 30

Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from

CVE-2020-10934 HIGH
7.2 Mar 24

Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. Rated high severity (CVSS 7.2), this vulnerability is r

CVE-2023-41867 MEDIUM
6.1 Sep 25

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low at

CVE-2023-39971 MEDIUM
6.1 Aug 17

Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla

CVE-2023-39974 MEDIUM
5.3 Aug 17

Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CV

CVE-2023-39973 MEDIUM
4.3 Aug 17

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 4.3), t

CVE-2023-39972 MEDIUM
4.3 Aug 17

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 4.3), t

Share

CVE-2023-28733 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy