CVE-2018-0602 — Cross-site Scripting in Subscribers Newsletters Project Email Subscribers Newsletters

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 51.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Email Subscribers Newsletters Project Email Subscribers Newsletters Icegram Email Subscribers Newsletters

Timeline

PublishedJun 26

Latest updateMay 13

Description

Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDemail_subscribers_newsletters_project/email_subscribers_newsletters< 3.5.0

▶CVEListV5icegram/email_subscribers_newslettersprior to version 3.5.0

🔴Vulnerability Details

GHSA

GHSA-px86-v26g-q568: Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3↗2022-05-13

▶

CVEList

CVE-2018-0602: Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3↗2018-06-26

▶