Vulnerabilities > Sendinblue > Newsletter Smtp Email Marketing AND Subscribe > 3.1.7

DATE	CVE	VULNERABILITY TITLE	RISK
2024-06-04	CVE-2024-35668	Cross-site Scripting vulnerability in Sendinblue Newsletter, Smtp, Email Marketing and Subscribe Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue allows Reflected XSS.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.77. network low complexity sendinblue CWE-79	6.1
2023-06-05	CVE-2023-2472	Unspecified vulnerability in Sendinblue Newsletter, Smtp, Email Marketing and Subscribe The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin network low complexity sendinblue	6.1

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.