6.1
CVE-2013-10028
- EPSS 0.55%
- Veröffentlicht 04.06.2023 19:15:09
- Zuletzt bearbeitet 21.11.2024 01:48:42
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginEELV Newsletter Plugin lettreinfo.php style_newsletter cross site scripting
EELV Newsletter <= 3.3.0 - Reflected Cross-Site Scripting
A vulnerability was found in EELV Newsletter Plugin 2.x on WordPress. It has been rated as problematic. Affected by this issue is the function style_newsletter of the file lettreinfo.php. The manipulation of the argument email leads to cross site scripting. The attack may be launched remotely. The name of the patch is 3339b42316c5edf73e56eb209b6a3bb3e868d6ed. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230660.
Mögliche Gegenmaßnahme
EELV Newsletter: Update to version 3.3.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Eelv Newsletter Project ≫ Eelv Newsletter SwPlatformwordpress Version >= 2.6 <= 2.9.0
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
EELV Newsletter
Version
*-3.3.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.55% | 0.414 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| cna@vuldb.com | 3.5 | 2.1 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
|
| cna@vuldb.com | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://github.com/wp-plugins/eelv-newsletter/commit/3339b42316c5edf73e56eb209b6a3bb3e868d6ed
https://vuldb.com/?ctiid.230660
https://vuldb.com/?id.230660
https://www.wordfence.com/threat-intel/vulnerabilities/id/4013a22a-701b-43ef-90fb-f8eddf65acf2