Vulnerabilities > Smartertools

DATE CVE VULNERABILITY TITLE RISK
2023-12-21 CVE-2023-48114 Cross-site Scripting vulnerability in Smartertools Smartermail
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document.
network
low complexity
smartertools CWE-79
5.4
2023-12-21 CVE-2023-48115 Cross-site Scripting vulnerability in Smartertools Smartermail
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request.
network
low complexity
smartertools CWE-79
5.4
2023-12-21 CVE-2023-48116 Cross-site Scripting vulnerability in Smartertools Smartermail
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment.
network
low complexity
smartertools CWE-79
5.4
2022-03-14 CVE-2022-24384 Cross-site Scripting vulnerability in Smartertools Smartertrack
Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
network
low complexity
smartertools CWE-79
6.1
2022-03-14 CVE-2022-24385 Forced Browsing vulnerability in Smartertools Smartertrack
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
network
low complexity
smartertools CWE-425
6.5
2022-03-14 CVE-2022-24386 Cross-site Scripting vulnerability in Smartertools Smartertrack
Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
network
low complexity
smartertools CWE-79
6.1
2022-03-14 CVE-2022-24387 Unrestricted Upload of File with Dangerous Type vulnerability in Smartertools Smartertrack
With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g.
network
low complexity
smartertools CWE-434
7.2
2021-11-17 CVE-2021-32234 Unspecified vulnerability in Smartertools Smartermail
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.
network
low complexity
smartertools
critical
9.8
2021-11-17 CVE-2021-43977 Cross-site Scripting vulnerability in Smartertools Smartermail
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.
network
low complexity
smartertools CWE-79
6.1
2021-09-08 CVE-2021-40377 Cross-site Scripting vulnerability in Smartertools Smartermail
SmarterTools SmarterMail 16.x before build 7866 has stored XSS.
network
low complexity
smartertools CWE-79
5.4