Vulnerabilities > Sendinblue > Newsletter Smtp Email Marketing AND Subscribe > 3.1.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-04 | CVE-2024-35668 | Cross-site Scripting vulnerability in Sendinblue Newsletter, Smtp, Email Marketing and Subscribe Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue allows Reflected XSS.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.77. | 6.1 |
2023-06-05 | CVE-2023-2472 | Unspecified vulnerability in Sendinblue Newsletter, Smtp, Email Marketing and Subscribe The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |