CVE-2023-28733: Stored XSS affecting the AcyMailing plugin for Joomla
First published: Thu Mar 30 2023(Updated: )
AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.
Credit: vulnerability@ncsc.ch
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phlymail | <8.3.0 |
Remedy
update to a fixed version (>= 8.3.0)
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-28733?
CVE-2023-28733 is a vulnerability where AnyMailing Joomla Plugin is vulnerable to stored cross-site scripting (XSS) in templates and emails of AcyMailing.
How severe is CVE-2023-28733?
CVE-2023-28733 has a severity level of 6.1 (high).
What software versions are affected by CVE-2023-28733?
The AnyMailing Joomla Plugin Enterprise versions below 8.3.0 are affected by CVE-2023-28733.
How can CVE-2023-28733 be exploited?
CVE-2023-28733 can be exploited without authentication when access is granted to the campaign's creation on the front-office.
Is there a fix available for CVE-2023-28733?
Yes, upgrading to AnyMailing Joomla Plugin Enterprise version 8.3.0 or above will fix CVE-2023-28733.
- agent/references
- agent/type
- agent/severity
- agent/title
- agent/remedy
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/acymailing
- canonical/phlymail