PT-2023-10015 · Unknown · Mail Subscribe List Plugin
Published
2023-05-02
·
Updated
2024-05-17
·
CVE-2013-10026
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Mail Subscribe List Plugin versions up to 2.0.10
Description
The issue affects some unknown processing of the file index.php. The manipulation of the argument
sml name/sml email leads to cross site scripting. The attack may be initiated remotely.Recommendations
For Mail Subscribe List Plugin versions up to 2.0.10, upgrade to version 2.1 to address this issue. As a temporary workaround, consider restricting the use of the
sml name and sml email arguments in the affected component until a patch is available.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mail Subscribe List Plugin