CVE-2015-9276
 
Descriptions
SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password.
Timeline
- 2019-01-16 CVE Reserved
- 2019-01-16 CVE Published
- 2024-01-10 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (3)

| URL | Tag |
|---|---|
| https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-smartermail-stored-xss-in-emails-v2.pdf | Third Party Advisory |
| https://www.nccgroup.trust/uk/our-research/smartermail-stored-xss-in-emails | Third Party Advisory |
| https://www.smartertools.com/smartermail/release-notes/13 | Release Notes |
Affected Vendors, Products, and Versions

| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Smartertools | Smartermail | < 13.3.5535 | - | Affected |