Vulnerabilites related to acymailing.com - AcyMailing Enterprise component for Joomla
CVE-2023-39971 (GCVE-0-2023-39971)
Vulnerability from cvelistv5
Published
2023-08-17 20:06
Modified
2024-10-20 04:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS. This issue affects AcyMailing Enterprise component for Joomla: 6.7.0-8.6.3.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| acymailing.com | AcyMailing Enterprise component for Joomla |
Version: 6.7.0-8.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://extensions.joomla.org/extension/acymailing-starter/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:09:01.484633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:11:36.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://extensions.joomla.org/extension/acymailing-starter/",
"defaultStatus": "unaffected",
"packageName": "com_acymailing",
"product": "AcyMailing Enterprise component for Joomla",
"vendor": "acymailing.com",
"versions": [
{
"status": "affected",
"version": "6.7.0-8.6.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joomla Security Strike Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS. This issue affects AcyMailing Enterprise component for Joomla: 6.7.0-8.6.3.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS. This issue affects AcyMailing Enterprise component for Joomla: 6.7.0-8.6.3."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-20T04:33:27.361Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://extensions.joomla.org/extension/acymailing-starter/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - acymailing.com - XSS in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2023-39971",
"datePublished": "2023-08-17T20:06:40.974Z",
"dateReserved": "2023-08-07T16:52:01.494Z",
"dateUpdated": "2024-10-20T04:33:27.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39974 (GCVE-0-2023-39974)
Vulnerability from cvelistv5
Published
2023-08-17 20:06
Modified
2024-10-20 04:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| acymailing.com | AcyMailing Enterprise component for Joomla |
Version: 6.7.0-8.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://extensions.joomla.org/extension/acymailing-starter/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T19:47:55.762491Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T19:48:05.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://extensions.joomla.org/extension/acymailing-starter/",
"defaultStatus": "unaffected",
"packageName": "com_acymailing",
"product": "AcyMailing Enterprise component for Joomla",
"vendor": "acymailing.com",
"versions": [
{
"status": "affected",
"version": "6.7.0-8.6.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joomla Security Strike Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list."
}
],
"value": "Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list."
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-20T04:33:25.578Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://extensions.joomla.org/extension/acymailing-starter/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - acymailing.com - Exposure of Sensitive Information in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2023-39974",
"datePublished": "2023-08-17T20:06:39.321Z",
"dateReserved": "2023-08-07T16:52:01.494Z",
"dateUpdated": "2024-10-20T04:33:25.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39973 (GCVE-0-2023-39973)
Vulnerability from cvelistv5
Published
2023-08-17 20:06
Modified
2024-10-20 04:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| acymailing.com | AcyMailing Enterprise component for Joomla |
Version: 6.7.0-8.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://extensions.joomla.org/extension/acymailing-starter/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T19:49:07.081674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T19:49:14.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://extensions.joomla.org/extension/acymailing-starter/",
"defaultStatus": "unaffected",
"packageName": "com_acymailing",
"product": "AcyMailing Enterprise component for Joomla",
"vendor": "acymailing.com",
"versions": [
{
"status": "affected",
"version": "6.7.0-8.6.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joomla Security Strike Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns."
}
],
"value": "Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-20T04:33:20.343Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://extensions.joomla.org/extension/acymailing-starter/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - acymailing.com - Improper Access Control in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2023-39973",
"datePublished": "2023-08-17T20:06:35.442Z",
"dateReserved": "2023-08-07T16:52:01.494Z",
"dateUpdated": "2024-10-20T04:33:20.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39972 (GCVE-0-2023-39972)
Vulnerability from cvelistv5
Published
2023-08-17 20:06
Modified
2024-10-20 04:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized users to create new mailing lists.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| acymailing.com | AcyMailing Enterprise component for Joomla |
Version: 6.7.0-8.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"product",
"x_transferred"
],
"url": "https://extensions.joomla.org/extension/acymailing-starter/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T19:48:33.885440Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T19:48:41.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://extensions.joomla.org/extension/acymailing-starter/",
"defaultStatus": "unaffected",
"packageName": "com_acymailing",
"product": "AcyMailing Enterprise component for Joomla",
"vendor": "acymailing.com",
"versions": [
{
"status": "affected",
"version": "6.7.0-8.6.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joomla Security Strike Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized users to create new mailing lists."
}
],
"value": "Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized users to create new mailing lists."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-20T04:33:20.711Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"product"
],
"url": "https://extensions.joomla.org/extension/acymailing-starter/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.acymailing.com/acymailing-release-security-%F0%9F%94%90-news-updates/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extension - acymailing.com - Improper Access Control in AcyMailing Enterprise component for Joomla 6.7.0-8.6.3",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2023-39972",
"datePublished": "2023-08-17T20:06:39.150Z",
"dateReserved": "2023-08-07T16:52:01.494Z",
"dateUpdated": "2024-10-20T04:33:20.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}