Search criteria
2 vulnerabilities by md-systems
CVE-2012-2724 (GCVE-0-2012-2724)
Vulnerability from cvelistv5 – Published: 2020-01-09 19:51 – Updated: 2024-08-06 19:42
VLAI
Summary
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page.
Severity
No CVSS data available.
CWE
- Path Disclosure
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://drupal.org/node/1619848 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/06/14/3 | x_refsource_MISC |
| http://drupal.org/node/1619812 | x_refsource_MISC |
| http://drupal.org/node/1619818 | x_refsource_MISC |
| http://drupal.org/node/1619820 | x_refsource_MISC |
| http://drupalcode.org/project/simplenews.git/comm… | x_refsource_MISC |
| http://drupalcode.org/project/simplenews.git/comm… | x_refsource_MISC |
| http://drupalcode.org/project/simplenews.git/comm… | x_refsource_MISC |
| http://www.securityfocus.com/bid/53839 | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Simplenews | Simplenews |
Affected:
6.x-1.x before 6.x-1.4
Affected: 6.x-2.x before 6.x-2.0-alpha4 Affected: and 7.x-1.x before 7.x-1.0-rc1 |
Date Public
2012-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:32.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1619848"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1619812"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1619818"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1619820"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/36352c1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/6d5704c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/faec6a6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53839"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76143"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Simplenews",
"vendor": "Simplenews",
"versions": [
{
"status": "affected",
"version": "6.x-1.x before 6.x-1.4"
},
{
"status": "affected",
"version": "6.x-2.x before 6.x-2.0-alpha4"
},
{
"status": "affected",
"version": "and 7.x-1.x before 7.x-1.0-rc1"
}
]
}
],
"datePublic": "2012-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Path Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-09T19:51:42.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1619848"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1619812"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1619818"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1619820"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/36352c1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/6d5704c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/faec6a6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/53839"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76143"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simplenews",
"version": {
"version_data": [
{
"version_value": "6.x-1.x before 6.x-1.4"
},
{
"version_value": "6.x-2.x before 6.x-2.0-alpha4"
},
{
"version_value": "and 7.x-1.x before 7.x-1.0-rc1"
}
]
}
}
]
},
"vendor_name": "Simplenews"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensitive information via the confirmation page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1619848",
"refsource": "MISC",
"url": "http://drupal.org/node/1619848"
},
{
"name": "http://www.openwall.com/lists/oss-security/2012/06/14/3",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name": "http://drupal.org/node/1619812",
"refsource": "MISC",
"url": "http://drupal.org/node/1619812"
},
{
"name": "http://drupal.org/node/1619818",
"refsource": "MISC",
"url": "http://drupal.org/node/1619818"
},
{
"name": "http://drupal.org/node/1619820",
"refsource": "MISC",
"url": "http://drupal.org/node/1619820"
},
{
"name": "http://drupalcode.org/project/simplenews.git/commitdiff/36352c1",
"refsource": "MISC",
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/36352c1"
},
{
"name": "http://drupalcode.org/project/simplenews.git/commitdiff/6d5704c",
"refsource": "MISC",
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/6d5704c"
},
{
"name": "http://drupalcode.org/project/simplenews.git/commitdiff/faec6a6",
"refsource": "MISC",
"url": "http://drupalcode.org/project/simplenews.git/commitdiff/faec6a6"
},
{
"name": "http://www.securityfocus.com/bid/53839",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/53839"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76143",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76143"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2724",
"datePublished": "2020-01-09T19:51:42.000Z",
"dateReserved": "2012-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:42:32.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4447 (GCVE-0-2013-4447)
Vulnerability from cvelistv5 – Published: 2013-11-01 14:00 – Updated: 2024-08-06 16:45
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the API in the Simplenews module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an email address.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/123660/Drupa… | x_refsource_MISC |
| https://drupal.org/node/2113491 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/55209 | third-party-advisoryx_refsource_SECUNIA |
| http://seclists.org/fulldisclosure/2013/Oct/120 | mailing-listx_refsource_FULLDISC |
| https://drupal.org/node/2113515 | x_refsource_MISC |
| https://drupal.org/node/2113487 | x_refsource_CONFIRM |
| http://osvdb.org/98628 | vdb-entryx_refsource_OSVDB |
Date Public
2013-10-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123660/Drupal-Simplenews-6.x-7.x-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2113491"
},
{
"name": "simplenews-email-xss(88101)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88101"
},
{
"name": "55209",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55209"
},
{
"name": "20131016 [Security-news] SA-CONTRIB-2013-080 - Simplenews - Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Oct/120"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://drupal.org/node/2113515"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://drupal.org/node/2113487"
},
{
"name": "98628",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/98628"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the API in the Simplenews module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an email address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123660/Drupal-Simplenews-6.x-7.x-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2113491"
},
{
"name": "simplenews-email-xss(88101)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88101"
},
{
"name": "55209",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55209"
},
{
"name": "20131016 [Security-news] SA-CONTRIB-2013-080 - Simplenews - Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Oct/120"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://drupal.org/node/2113515"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://drupal.org/node/2113487"
},
{
"name": "98628",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/98628"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the API in the Simplenews module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an email address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/123660/Drupal-Simplenews-6.x-7.x-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123660/Drupal-Simplenews-6.x-7.x-Cross-Site-Scripting.html"
},
{
"name": "https://drupal.org/node/2113491",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2113491"
},
{
"name": "simplenews-email-xss(88101)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88101"
},
{
"name": "55209",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55209"
},
{
"name": "20131016 [Security-news] SA-CONTRIB-2013-080 - Simplenews - Cross Site Scripting (XSS)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Oct/120"
},
{
"name": "https://drupal.org/node/2113515",
"refsource": "MISC",
"url": "https://drupal.org/node/2113515"
},
{
"name": "https://drupal.org/node/2113487",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/2113487"
},
{
"name": "98628",
"refsource": "OSVDB",
"url": "http://osvdb.org/98628"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4447",
"datePublished": "2013-11-01T14:00:00.000Z",
"dateReserved": "2013-06-12T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:45:14.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}