CVE-2023-28733 - Vulnerability Details - OpenCVE

Description

AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office.

This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.

Published: 2023-03-30

Score: 7.2 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

AcyMailing

Newsletter Plugin for Joomla in the Enterprise version

unaffected

Version	Status	Constraints
`0`	affected	< 8.3.0

Configuration 1 [-]

cpe:2.3:a:acymailing:acymailing:*:*:*:*:*:joomla\!:*:*

No data.

No data available yet.

Remediation

Vendor Solution

update to a fixed version (>= 8.3.0)

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-32371	AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00157.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://www.acymailing.com/change-log/
https://www.bugbounty.ch/advisories/CVE-2023-28733

History

Tue, 11 Feb 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Acymailing Acymailing

MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published: 2023-03-30T11:27:40.884Z

Updated: 2025-02-11T19:17:17.402Z

Reserved: 2023-03-22T09:53:07.889Z

Link: CVE-2023-28733

Vulnrichment

Updated: 2024-08-02T13:51:37.319Z

NVD

Status : Modified

Published: 2023-03-30T12:15:07.663

Modified: 2024-11-21T07:55:53.763

Link: CVE-2023-28733

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28733", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "state": "PUBLISHED", "assignerShortName": "NCSC.ch", "dateReserved": "2023-03-22T09:53:07.889Z", "datePublished": "2023-03-30T11:27:40.884Z", "dateUpdated": "2025-02-11T19:17:17.402Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Newsletter Plugin for Joomla in the Enterprise version ", "vendor": "AcyMailing", "versions": [{"lessThan": "8.3.0", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Rapha\u00ebl Arrouas (Xel)"}, {"lang": "en", "type": "coordinator", "user": "00000000-0000-4000-9000-000000000000", "value": "Bug Bounty Switzerland"}], "datePublic": "2023-03-30T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. </p><div><div><p>This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0. <br></p></div><div></div></div>"}], "value": "AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. \n\nThis issue affects AnyMailing Joomla Plugin\u00a0Enterprise in versions below 8.3.0. \n\n\n\n\n\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}, {"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-116", "description": "CWE-116 Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2023-03-30T11:27:40.884Z"}, "references": [{"url": "https://www.acymailing.com/change-log/"}, {"url": "https://www.bugbounty.ch/advisories/CVE-2023-28733"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>update to a fixed version (>= 8.3.0)</p>"}], "value": "update to a fixed version (>= 8.3.0)\n\n"}], "source": {"discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2023-02-06T11:00:00.000Z", "value": "Reported"}, {"lang": "en", "time": "2023-03-09T11:00:00.000Z", "value": "Initial vendor notification"}, {"lang": "en", "time": "2023-03-10T11:00:00.000Z", "value": "Initial vendor response"}, {"lang": "en", "time": "2023-03-20T11:00:00.000Z", "value": "Releasion of fixed version"}, {"lang": "en", "time": "2023-03-30T10:00:00.000Z", "value": "Coordinated public disclosure"}], "title": "Stored XSS affecting the AcyMailing plugin for Joomla ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T13:51:37.319Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.acymailing.com/change-log/", "tags": ["x_transferred"]}, {"url": "https://www.bugbounty.ch/advisories/CVE-2023-28733", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-11T19:17:01.611706Z", "id": "CVE-2023-28733", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-11T19:17:17.402Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.acymailing.com/change-log/", "tags": ["x_transferred"]}, {"url": "https://www.bugbounty.ch/advisories/CVE-2023-28733", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T13:51:37.319Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28733", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-11T19:17:01.611706Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-11T19:16:43.866Z"}}], "cna": {"title": "Stored XSS affecting the AcyMailing plugin for Joomla ", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Rapha\u00ebl Arrouas (Xel)"}, {"lang": "en", "type": "coordinator", "user": "00000000-0000-4000-9000-000000000000", "value": "Bug Bounty Switzerland"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}, {"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AcyMailing", "product": "Newsletter Plugin for Joomla in the Enterprise version ", "versions": [{"status": "affected", "version": "0", "lessThan": "8.3.0", "versionType": "git"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2023-02-06T11:00:00.000Z", "value": "Reported"}, {"lang": "en", "time": "2023-03-09T11:00:00.000Z", "value": "Initial vendor notification"}, {"lang": "en", "time": "2023-03-10T11:00:00.000Z", "value": "Initial vendor response"}, {"lang": "en", "time": "2023-03-20T11:00:00.000Z", "value": "Releasion of fixed version"}, {"lang": "en", "time": "2023-03-30T10:00:00.000Z", "value": "Coordinated public disclosure"}], "solutions": [{"lang": "en", "value": "update to a fixed version (>= 8.3.0)\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>update to a fixed version (>= 8.3.0)</p>", "base64": false}]}], "datePublic": "2023-03-30T10:00:00.000Z", "references": [{"url": "https://www.acymailing.com/change-log/"}, {"url": "https://www.bugbounty.ch/advisories/CVE-2023-28733"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. \n\nThis issue affects AnyMailing Joomla Plugin\u00a0Enterprise in versions below 8.3.0. \n\n\n\n\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. </p><div><div><p>This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0. <br></p></div><div></div></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-116", "description": "CWE-116 Improper Encoding or Escaping of Output"}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2023-03-30T11:27:40.884Z"}}}, "cveMetadata": {"cveId": "CVE-2023-28733", "state": "PUBLISHED", "dateUpdated": "2025-02-11T19:17:17.402Z", "dateReserved": "2023-03-22T09:53:07.889Z", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "datePublished": "2023-03-30T11:27:40.884Z", "assignerShortName": "NCSC.ch"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:acymailing:acymailing:*:*:*:*:*:joomla\\!:*:*", "matchCriteriaId": "42A293DB-98EF-464D-BF05-6E47C6EED94C", "versionEndExcluding": "8.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. \n\nThis issue affects AnyMailing Joomla Plugin\u00a0Enterprise in versions below 8.3.0. \n\n\n\n\n\n\n\n\n"}], "id": "CVE-2023-28733", "lastModified": "2024-11-21T07:55:53.763", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.7, "source": "vulnerability@ncsc.ch", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-30T12:15:07.663", "references": [{"source": "vulnerability@ncsc.ch", "tags": ["Release Notes"], "url": "https://www.acymailing.com/change-log/"}, {"source": "vulnerability@ncsc.ch", "tags": ["Third Party Advisory"], "url": "https://www.bugbounty.ch/advisories/CVE-2023-28733"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://www.acymailing.com/change-log/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.bugbounty.ch/advisories/CVE-2023-28733"}], "sourceIdentifier": "vulnerability@ncsc.ch", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-116"}], "source": "vulnerability@ncsc.ch", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}