Advisory CVE-2023-28733, Stored XSS affecting the AcyMailing plugin for Joomla

CVE ID: CVE-2023-28733 

Vendor: AcyMailing 

Product: Newsletter Plugin for Joomla in the Enterprise version 

Title: Stored XSS affecting the AcyMailing plugin for Joomla 

Vulnerable Versions: < 8.3.0 


Problem Type (CWE): 

Impacts (CAPEC): 


CVSS 3.1 




CVE Description: 


AcyMailing is a newsletter and email marketing plugin available for Joomla and WordPress. 


The vulnerability: 

Stored cross-site scripting (XSS) in the templates and emails of AcyMailing, exploitable by an unauthenticated user when access to campaign creation has been granted on the front office.

This issue affects the AcyMailing Joomla plugin in versions below 8.3.0.


The steps to exploit the vulnerability: 


How to check for exploitation: