// For flags

CVE-2012-2578

smartermail free 9.2 - Persistent Cross-Site Scripting

Severity Score

6.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document.

Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en SmarterMail v9.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un cuerpo de mensaje de correo electrónico con (1) una función alert de JavaScript usada junto con el método fromCharCode, (2) un elemento SCRIPT, (3) una propiedad de expresión de Hojas de Estilo en Cascada (CSS) en el atributo STYLE de un elemento de su elección, o (4) un atributo innerHTML en un documento XML.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-05-09 CVE Reserved
  • 2012-08-08 First Exploit
  • 2012-09-19 CVE Published
  • 2024-09-17 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
URL Tag Source
URL Date SRC
https://www.exploit-db.com/exploits/20362 2012-08-08
http://www.exploit-db.com/exploits/20362 2024-09-17
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Smartertools
Search vendor "Smartertools"
 Smartermail
Search vendor "Smartertools" for product "Smartermail"
 9.2
Search vendor "Smartertools" for product "Smartermail" and version "9.2"
-
Affected