CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-29548
https://notcve.org/view.php?id=CVE-2020-29548
17 Aug 2021 — An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session. Se ha detectado un problema en SmarterTools SmarterMail versiones hasta 100.0.7537. Unos atacantes de tipo "Meddler-in-the-middle" pueden canalizar comandos después de un comando POP3 STLS, inyectando comandos de texto plano en una sesión de usuario cifrada. • https://nostarttls.secvuln.info • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32233
https://notcve.org/view.php?id=CVE-2021-32233
05 Jul 2021 — SmarterTools SmarterMail before Build 7776 allows XSS. SmarterTools SmarterMail versiones anteriores al Build 7776, permiten una vulnerabilidad de tipo XSS • https://www.smartertools.com/smartermail/release-notes/current • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9276
https://notcve.org/view.php?id=CVE-2015-9276
16 Jan 2019 — SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password. SmarterTools SmarterMail, en versiones anteriores a la 13.3.5535, era vulnerable a Cross-Site Scripting (XSS) persistente mediante la omi... • https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-smartermail-stored-xss-in-emails-v2.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 6CVE-2010-3486 – SmarterMail 7.3/7.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-3486
22 Sep 2010 — Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter. Vulnerabilidad de salto de directorio en FileStorageUpload.ashx en SmarterMail v7.1.3876, permite a atacantes remotos leer ficheros mediante (1) ../ (punto punto barra), (2) %5C o (3) %255c en el parámetro nombre. • https://www.exploit-db.com/exploits/16955 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •