CVE-2023-28733

Description

AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

AcyMailing / Newsletter Plugin for Joomla in the Enterprise version0 – 8.3.0

References

MISChttps://www.acymailing.com/change-log/
VENDOR_ADVISORYhttps://www.bugbounty.ch/advisories/CVE-2023-28733