PT-2023-3547 · Unknown · Eelv Newsletter Plugin

Published: 2023-06-04 · Updated: 2024-05-17 · CVE-2013-10028

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

EELV Newsletter Plugin versions 2.x

Description

The issue exists due to inadequate protection of the web page structure in the style newsletter function of the lettreinfo.php file. This can be exploited by a remote attacker to conduct cross-site scripting attacks by manipulating the email argument. The attack may be launched remotely.

Recommendations

For EELV Newsletter Plugin version 2.x, it is recommended to upgrade the affected component to a version that includes the patch 3339b42316c5edf73e56eb209b6a3bb3e868d6ed. As a temporary workaround, consider restricting access to the style newsletter function in the lettreinfo.php file until a patch is available. Avoid using the email argument in the affected function until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-03762
CVE-2013-10028

Affected Products

Eelv Newsletter Plugin