Smartertools Smartermail vulnerabilities
28 known vulnerabilities affecting smartertools/smartermail.
Total CVEs
28
CISA KEV
3
actively exploited
Public exploits
7
Exploited in wild
3
Severity breakdown
CRITICAL6HIGH5MEDIUM17
Vulnerabilities
Page 2 of 2
CVE-2015-9276P4MEDIUMCVSS 6.1fixed in 13.3.55352019-01-16
CVE-2015-9276 [MEDIUM] CWE-79 CVE-2015-9276: SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mec
SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need t
nvd
CVE-2021-32233P4MEDIUMCVSS 6.1fixed in 16.3.77762021-07-06
CVE-2021-32233 [MEDIUM] CWE-79 CVE-2021-32233: SmarterTools SmarterMail before Build 7776 allows XSS.
SmarterTools SmarterMail before Build 7776 allows XSS.
nvd
CVE-2021-43977P4MEDIUMCVSS 6.1≥ 16.0.6345, < 100.0.78032021-11-17
CVE-2021-43977 [MEDIUM] CWE-79 CVE-2021-43977: SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.
nvd
CVE-2004-2586P4MEDIUMCVSS 5.0v1.6.1511v1.6.15292004-12-31
CVE-2004-2586 [MEDIUM] CVE-2004-2586: Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and
Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to read arbitrary files via the filename parameter.
nvd
CVE-2021-40377P4MEDIUMCVSS 5.4≥ 16.0.6345, < 16.3.78662021-09-08
CVE-2021-40377 [MEDIUM] CWE-79 CVE-2021-40377: SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize em
SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application.
nvd
CVE-2004-2587P4MEDIUMCVSS 5.0v1.6.1511v1.6.15292004-12-31
CVE-2004-2587 [MEDIUM] CVE-2004-2587: login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a deni
login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow.
nvd
CVE-2004-2585P4MEDIUMCVSS 4.3v1.6.1511v1.6.15292004-12-31
CVE-2004-2585 [MEDIUM] CVE-2004-2585: Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and
Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area.
nvd
CVE-2004-2584P4MEDIUMCVSS 4.0v1.6.1511v1.6.15292004-12-31
CVE-2004-2584 [MEDIUM] CVE-2004-2584: frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated user
frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte ("%00"). NOTE: it is not clear whether this issue poses a vulnerability.
nvd
← Previous2 / 2