Vulnerabilities (CVE)

Filtered by vendor Smartertools Subscribe
Total 45 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-48114 1 Smartertools 1 Smartermail 2024-01-04 N/A 5.4 MEDIUM
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name.
CVE-2023-48115 1 Smartertools 1 Smartermail 2024-01-04 N/A 5.4 MEDIUM
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request.
CVE-2023-48116 1 Smartertools 1 Smartermail 2024-01-04 N/A 5.4 MEDIUM
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment.
CVE-2022-24387 1 Smartertools 1 Smartertrack 2023-12-10 6.5 MEDIUM 7.2 HIGH
With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010
CVE-2022-24385 1 Smartertools 1 Smartertrack 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
CVE-2022-24384 1 Smartertools 1 Smartertrack 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
CVE-2022-24386 1 Smartertools 1 Smartertrack 2023-12-10 3.5 LOW 5.4 MEDIUM
Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
CVE-2021-32234 1 Smartertools 1 Smartermail 2023-12-10 7.5 HIGH 9.8 CRITICAL
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.
CVE-2021-43977 1 Smartertools 1 Smartermail 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.
CVE-2021-32233 1 Smartertools 1 Smartermail 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
SmarterTools SmarterMail before Build 7776 allows XSS.
CVE-2021-40377 1 Smartertools 1 Smartermail 2023-12-10 3.5 LOW 5.4 MEDIUM
SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application.
CVE-2020-29548 1 Smartertools 1 Smartermail 2023-12-10 6.8 MEDIUM 8.1 HIGH
An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session.
CVE-2019-7213 1 Smartertools 1 Smartermail 2023-12-10 5.5 MEDIUM 6.5 MEDIUM
SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories.
CVE-2019-7211 1 Smartertools 1 Smartermail 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment.
CVE-2019-7214 1 Smartertools 1 Smartermail 2023-12-10 10.0 HIGH 9.8 CRITICAL
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
CVE-2019-7212 1 Smartertools 1 Smartermail 2023-12-10 6.4 MEDIUM 8.2 HIGH
SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists.
CVE-2015-9276 1 Smartertools 1 Smartermail 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password.
CVE-2017-14620 1 Smartertools 1 Smarterstats 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting.
CVE-2012-2578 1 Smartertools 1 Smartermail 2023-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document.
CVE-2009-4994 1 Smartertools 1 Smartertrack 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter.