Smartertools: >> Smartermail >> 16.3.6698 Security Vulnerabilities
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.
CVSS Score
9.8
EPSS Score
0.031
Published
2021-11-17
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.
CVSS Score
6.1
EPSS Score
0.005
Published
2021-11-17
SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-09-08
An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session.
CVSS Score
8.1
EPSS Score
0.01
Published
2021-08-17
SmarterTools SmarterMail before Build 7776 allows XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-07-06
SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories.
CVSS Score
6.5
EPSS Score
0.14
Published
2019-04-24
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
CVSS Score
9.8
EPSS Score
0.827
Published
2019-04-24
SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-04-24
SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists.
CVSS Score
8.2
EPSS Score
0.006
Published
2019-04-24