Md-systems » Simplenews : Security Vulnerabilities, CVEs,
Cross-site scripting (XSS) vulnerability in the API in the Simplenews module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an email address.
Max CVSS
4.3
EPSS Score
0.28%
Published
2013-11-01
Updated
2017-08-29
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.
Max CVSS
5.3
EPSS Score
0.99%
Published
2020-01-09
Updated
2020-01-28
2 vulnerabilities found