2 matches found
CVE-2023-48114
CVE-2023-48114 affects SmarterTools SmarterMail 8495–8664, before 8747. A stored XSS flaw arises from handling image/svg+xml and uploaded SVGs, where the app permits youtube.com variants including an @ attacker-controlled domain name. Impact is stored XSS in web context via SVG upload; no exploit...
CVE-2023-48114
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name...