CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-48115

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.8%

CVSS Severity

CVSS v3 Score 5.4

References

https://co3us.gitbook.io/write-ups/stored-dom-xss-in-email-body-of-smartermail
https://www.smartertools.com/smartermail/release-notes/current
https://co3us.gitbook.io/write-ups/stored-dom-xss-in-email-body-of-smartermail
https://www.smartertools.com/smartermail/release-notes/current

Products affected by CVE-2023-48115

Smartertools » Smartermail » Version: Any

cpe:2.3:a:smartertools:smartermail:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-48115

Products

Pricing

Contact Us