Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
SmartertoolsSmartermail

3 matches found

CVE
CVEadded 2023/12/21 3:15 p.m.32 views

CVE-2023-48116

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment.

5.4CVSS5.1AI score0.00169EPSS
CVE
CVEadded 2023/12/21 3:15 p.m.30 views

CVE-2023-48114

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name.

5.4CVSS5.2AI score0.00169EPSS
CVE
CVEadded 2023/12/21 3:15 p.m.25 views

CVE-2023-48115

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request.

5.4CVSS5.2AI score0.00169EPSS