Vulners
Lucene search
SmarterMail 7.3/7.4 - Multiple Vulnerabilities
Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me
Identified: October 28, 2010
Vendor: SmarterTools
Application: SmarterMail 7.x
Bug(s): Stored XSS, Reflected XSS, Directory Traversal, File Upload Parameters, OS Execution, XML Injection, LDAP Injection, DoS
Patch: The Vendor has released SmarterMail Version 8 at URI http://www.smartertools.com/Download.aspx?Product=SmarterMail&File=Installer&Version=8&Location=Primary
Timeline: Notify Vendor 10-28-2011 on Version 7.3 with respect to Stored XSS, other Vulns
Vendor updates to Version 7.4 on 12.30.2010, Notify Vendor of Stored XSS, other Vulns
Vendor updates to Version 8.0 on 3.10.2011
Publication: March 10, 2011 | Hoyt LLC Research publishes vulnerability information for SmarterMail Version 7.3 and 7.4, building on Version 7.1 and 7.2 exploits known as CVE-2010-3486 and CVE-2010-3425 at URI http://www.cloudscan.me/2011/03/smartermail-73-74-full-disclosure-xss.html.
Hoyt LLC Research | March 10, 2011
SmarterMail Versions 7.x | CWE-79: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Stored XSS - CWE-79, CAPEC-86 - SmarterMail Version 7.x Series
Summary
Severity: High
Confidence: Certain
Host: http://SmarterMail 7.x.Hosts
Path: /Main/frmPopupContactsList.aspx
Issue detail - Confirmed in Versions 7.1, 7.2, 7.3 and 7.4
The value of the ctl00%24MPH%24wucContactInfo%24txtEmailAddress_SettingText request parameter submitted to the URL /Main/frmContact.aspx is copied into the HTML document as plain text between tags at the URL /Main/frmPopupContactsList.aspx. The payload 9e8e5<script>alert(1)</script>5b211c9e81 was submitted in the ctl00%24MPH%24wucContactInfo%24txtEmailAddress_SettingText parameter. This input was returned unmodified in a subsequent request for the URL /Main/frmPopupContactsList.aspx.
Full Disclsoure - SmarterMail 7.x - Blog Posts
http://www.cloudscan.me/2011/03/smartermail-73-74-full-disclosure-xss.html
http://www.cloudscan.me/2010/09/smartermail-7x-713876-bugs-cross-site.html
http://www.cloudscan.me/2010/09/smarter-mail-7x-713876-file-fuzzing.html
http://www.cloudscan.me/2010/10/vendor-smartertoolscom-smartermail-7x_07.html
http://www.cloudscan.me/2010/10/vendor-smartertoolscom-smartermail-7x.html
http://www.cloudscan.me/2010/10/smartermail-7x-723925.html
Full Disclosure- SmarterMail 7.x - Burp Suite Pro 1.3.08 + Netsparker Audit Reports, HTML, XML Files, Screen Grabs.
http://xss.cx/examples/sm_7.2.3925_interim_report_1.htm
http://xss.cx/examples/sm_7.2.3925_interim_report_2.htm
http://xss.cx/examples/smartermail-7.2-report-interim-3.html
http://xss.cx/examples/sm-72-target.html
http://xss.cx/examples/sm_7.2.3925_stored_xss_audit_example.html
http://xss.cx/examples/sm_7.2.3925_file2_burp_1.3.08.htmlData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
10 Mar 2011 00:00Current
6.4Medium risk
Vulners AI Score6.4