
CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

21 Dec 2023 — SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name. • https://co3us.gitbook.io/write-ups/stored-xss-in-email-body-of-smartermail-cve-2023-48114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

21 Dec 2023 — SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request. • https://co3us.gitbook.io/write-ups/stored-dom-xss-in-email-body-of-smartermail • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

21 Dec 2023 — SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment. • https://co3us.gitbook.io/write-ups/stored-xss-in-calendar-component-of-smartermail-cve-2023-48116 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

14 Mar 2022 — With administrator or admin privileges the application can be tricked into overwriting files in the app_data/Config folder, e.g. the systemsettings.xml file. This is possible in SmarterTrack v100.0.8019.14010. • https://csirt.divd.nl/DIVD-2021-00029 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

14 Mar 2022 — Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. • https://csirt.divd.nl/CVE-2022-24384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

14 Mar 2022 — A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. • https://csirt.divd.nl/CVE-2022-24385 • CWE-425: Direct Request ('Forced Browsing')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

14 Mar 2022 — Stored XSS in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. • https://csirt.divd.nl/CVE-2022-24386 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

17 Nov 2021 — SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS. • https://csirt.divd.nl/cases/DIVD-2021-00006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

17 Nov 2021 — SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution. • https://csirt.divd.nl/cases/DIVD-2021-00006

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

08 Sep 2021 — SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application. • https://www.smartertools.com/smartermail/release-notes/current • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')