Vulnerabilities > Open Newsletter

DATE	CVE	VULNERABILITY TITLE	RISK
2007-12-10	CVE-2007-6301	Cross-Site Scripting vulnerability in Open Newsletter Open Newsletter Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter. network open-newsletter CWE-79	4.3
2006-12-28	CVE-2006-6786	Authentication Bypass vulnerability in Open Newsletter Open Newsletter 2.0 Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php. network low complexity open-newsletter	6.5
2006-12-28	CVE-2006-6785	Authentication Bypass vulnerability in Open Newsletter Open Newsletter 2.0 The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability. network low complexity open-newsletter	7.5

Vulnerabilities > Open Newsletter {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Open Newsletter"}]}