CVE-2015-9276
SmarterMail (SmarterTools) before version 13.3.5535 is affected by a stored XSS vulnerability where attacker-controlled HTML/JS in an email bypasses anti-XSS protections. When a victim opens or replies to the attacker’s email, JS executes; passwords could be reset on the password-reset page that ...