Filtered by vendor Smartertools
Subscriptions
Total
45 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-32233 | 1 Smartertools | 1 Smartermail | 2024-08-03 | 6.1 Medium |
SmarterTools SmarterMail before Build 7776 allows XSS. | ||||
CVE-2021-32234 | 1 Smartertools | 1 Smartermail | 2024-08-03 | 9.8 Critical |
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution. | ||||
CVE-2023-48114 | 1 Smartertools | 1 Smartermail | 2024-08-02 | 5.4 Medium |
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name. | ||||
CVE-2023-48115 | 1 Smartertools | 1 Smartermail | 2024-08-02 | 5.4 Medium |
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request. | ||||
CVE-2023-48116 | 1 Smartertools | 1 Smartermail | 2024-08-02 | 5.4 Medium |
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment. |