Advisory CVE-2023-28733, Stored XSS affecting the AcyMailing plugin for Joomla

CVE ID: CVE-2023-28733 

Vendor: AcyMailing 

Product: Newsletter Plugin for Joomla in the Enterprise version 

Title: Stored XSS affecting the AcyMailing plugin for Joomla 

Vulnerable Versions: < 8.3.0 

 

Problem Type (CWE): 

Impacts (CAPEC): 

 

CVSS 3.1 

 

References 

 

CVE Description: 

Introduction: 

AcyMailing is a newsletter and email marketing plugin available for Joomla and WordPress. 

 

The vulnerability: 

Stored cross-site scripting (XSS) in the templates and emails of AcyMailing, exploitable without authentication when access to campaign creation is granted on the front office.

This issue affects the AcyMailing Joomla plugin in versions below 8.3.0.

 

The steps to exploit the vulnerability: 

 

How to check for exploitation: 

 

Solution: 

 

Timeline: 

 

Credits: