ID CVE-2021-24288
Summary When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. By changing the request from POST to GET, an attacker can craft a link containing a potentially malicious landing page and send it to the victim.
References
Vulnerable Configurations
  • cpe:2.3:a:acymailing:acymailing:-:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.8.3:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.9.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.9.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.9.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.10.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.10.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.10.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.10.4:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.11.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.11.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.12.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.12.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.13.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.13.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.13.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.13.3:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.14.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.14.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.15.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.15.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.16.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.16.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.16.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.16.3:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.16.4:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.17.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.17.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.18.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.18.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.18.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.18.3:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.19.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.19.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.19.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:6.19.3:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:7.0.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:7.0.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:7.0.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:7.0.3:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:7.0.4:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:7.1.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:7.1.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:7.1.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:7.2.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:7.2.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:7.2.2:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:7.3.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:7.3.1:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:7.4.0:*:*:*:*:wordpress:*:*
  • cpe:2.3:a:acymailing:acymailing:7.4.1:*:*:*:*:wordpress:*:*
CVSS
Base: 5.8 (as of 25-05-2021 - 14:43)
Impact:
Exploitability:
CWE CWE-601
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
Last major update 25-05-2021 - 14:43
Published 17-05-2021 - 17:15
Last modified 25-05-2021 - 14:43