This can be exploited to obtain e-mail addresses of people who subscribe to the attacker's newsletter, potentially compromising their privacy.

Additionally, it is possible to modify the verification link by injecting arbitrary HTML, either to deliver a different message to the user or to gain access to the user's account through the forged verification link. This might lead to the hijacking of a victim's account. The vendor responsible for developing this software has released version 5.9.64 of the product, which fixes this vulnerability.

How to check if I’m vulnerable?

You can check if you are vulnerable by visiting the vendor's website and entering your e-mail address. This will confirm whether you are subscribed to the attacker's newsletter.

Timeline

Published on: 11/16/2022 23:15:00 UTC
Last modified on: 11/21/2022 17:41:00 UTC

References