Description
AcyMailing Joomla Plugin is vulnerable to stored cross-site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access to campaign creation is granted on the front office. This issue affects AcyMailing Joomla Plugin Enterprise in versions below 8.3.0.
References (2)
Core References
Release Notes
https://www.acymailing.com/change-log/
Third Party Advisory
https://www.bugbounty.ch/advisories/CVE-2023-28733
Scores
CVSS v3
7.2
EPSS
0.0037
EPSS Percentile
28.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-20
CWE-79
CWE-116
Status
published
Products (1)
acymailing/acymailing
< 8.3.0
Published
Mar 30, 2023
Tracked Since
Feb 18, 2026