Smartermail@* Security Vulnerabilities and Issues — Smartermail@* CVE List

Lucene search

SmartertoolsSmartermail*

13 matches found

CVE•added 2019/04/24 3:29 p.m.•114 views

CVE-2019-7214

SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.

10CVSS9.5AI score0.82667EPSS

CVE•added 2021/07/06 12:15 a.m.•95 views

CVE-2021-32233

SmarterTools SmarterMail before Build 7776 allows XSS.

6.1CVSS6.3AI score0.00285EPSS

CVE•added 2021/11/17 5:15 p.m.•50 views

CVE-2021-32234

SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.

9.8CVSS9.8AI score0.03074EPSS

CVE•added 2021/09/08 11:15 a.m.•42 views

CVE-2021-40377

SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application.

5.4CVSS5.4AI score0.00502EPSS

CVE•added 2021/08/17 6:15 p.m.•38 views

CVE-2020-29548

An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session.

8.1CVSS8AI score0.01027EPSS

CVE•added 2021/11/17 5:15 p.m.•35 views

CVE-2021-43977

SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.

6.1CVSS6.2AI score0.00526EPSS

CVE•added 2019/04/24 3:29 p.m.•34 views

CVE-2019-7212

SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists.

8.2CVSS8.1AI score0.00571EPSS

CVE•added 2023/12/21 3:15 p.m.•32 views

CVE-2023-48116

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment.

5.4CVSS5.1AI score0.00169EPSS

CVE•added 2023/12/21 3:15 p.m.•30 views

CVE-2023-48114

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name.

5.4CVSS5.2AI score0.00169EPSS

CVE•added 2019/04/24 3:29 p.m.•29 views

CVE-2019-7211

SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment.

6.1CVSS6.3AI score0.00359EPSS

CVE•added 2019/04/24 3:29 p.m.•28 views

CVE-2019-7213

SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the ...

6.5CVSS6.6AI score0.13974EPSS

CVE•added 2019/01/16 4:29 p.m.•26 views

CVE-2015-9276

SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using a...

6.1CVSS6.1AI score0.00301EPSS

CVE•added 2023/12/21 3:15 p.m.•25 views

CVE-2023-48115

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request.

5.4CVSS5.2AI score0.00169EPSS