Smartertools: >> Smartermail >> 16.3.6989 Security Vulnerabilities
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
CVSS Score
10.0
EPSS Score
0.109
Published
2025-12-29
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.
CVSS Score
9.8
EPSS Score
0.031
Published
2021-11-17
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-11-17
SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-09-08
An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session.
CVSS Score
8.1
EPSS Score
0.006
Published
2021-08-17
SmarterTools SmarterMail before Build 7776 allows XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-07-06