cleantalk
Vulnerabilities and Security Researches

Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue), CVE-2024-35668

CVE, Research URL

CVE-2024-35668

Home page URL

Security reports for Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)

Application

Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue)

Published on
Jun 04, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue allows Reflected XSS.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from n/a through 3.1.77.
Affected versions
max 3.1.78.
Status
vulnerable
Previous vulnerability researches
Mailing Group Listserv (CVE-2025-46463) , May 05, 2025
Mailing Group Listserv (CVE-2025-22595) , Jan 11, 2025
Mailing Group Listserv (CVE-2025-22527) , Jan 11, 2025
Mailing Group Listserv (CVE-2025-50036) , Jun 23, 2025
SMTP Mailing Queue (CVE-2023-1090) , Jun 07, 2024
New vulnerability
SiteGuard WP Plugin (CVE-2026-27411) , Mar 29, 2026
Visual Portfolio, Photo Gallery & Post Grid (CVE-2026-32537) , Mar 29, 2026
StatCounter – Free Real Time Visitor Stats (CVE-2025-13048) , Mar 29, 2026
TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds (CVE-2026-32398) , Mar 29, 2026
Activity Log WinterLock (CVE-2026-24987) , Mar 29, 2026