CVE-2023-27922
Published 2023-05-23
CVE-2023-27922: Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script.
Priority P3 · 37 · medium · 6.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.20% (64.3th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stefano_lissa_the_newsletter_team | newsletter | — | — |
| thenewsletterplugin | newsletter | < 7.6.9 | 7.6.9 |
No detection rules found.
Nuclei
Newsletter < 7.6.9 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2023-27922 [MEDIUM] Newsletter < 7.6.9 - Cross-Site Scripting
Newsletter alert(document_domain)")'
condition: and
# digest: 4a0a00473045022100932b83adb760a7acc112b528607f5cd0acacba4478b9cd5589edd9a1dbb3ee7f02206bc812122ff2625e2c6287078d8bbcac69c59c6f306ea51a29b7b93849e0ee70:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
2023-05-23: Published