Smartertools: >> Smartermail >> 5.0.2999 Security Vulnerabilities
An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session.
CVSS Score
8.1
EPSS Score
0.01
Published
2021-08-17
SmarterTools SmarterMail before Build 7776 allows XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-07-06
SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-01-16
Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of service (service termination) via a long HTTP (1) GET, (2) HEAD, (3) PUT, (4) POST, or (5) TRACE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
5.0
EPSS Score
0.029
Published
2008-04-16