SmarterTools: Security Vulnerabilities
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2023-12-21
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2023-12-21
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2023-12-21
Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
CVSS Score: 8.8 | EPSS Score: 0.511 | Published: 2022-03-14
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2022-03-14
Stored XSS in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2022-03-14
With administrator or admin privileges, the application can be tricked into overwriting files in the app_data/Config folder, e.g. the systemsettings.xml file. This is possible in SmarterTrack v100.0.8019.14010.
CVSS Score: 9.1 | EPSS Score: 0.006 | Published: 2022-03-14
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.
CVSS Score: 9.8 | EPSS Score: 0.031 | Published: 2021-11-17
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2021-11-17
SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application.
CVSS Score: 5.4 | EPSS Score: 0.005 | Published: 2021-09-08



Shodan ® - All rights reserved