Vulnerabilities > Smartertools
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-14 | CVE-2022-24384 | Cross-site Scripting vulnerability in Smartertools Smartertrack Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | 4.3 |
| 2022-03-14 | CVE-2022-24385 | Forced Browsing vulnerability in Smartertools Smartertrack A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | 4.0 |
| 2022-03-14 | CVE-2022-24386 | Cross-site Scripting vulnerability in Smartertools Smartertrack Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. | 3.5 |
| 2022-03-14 | CVE-2022-24387 | Unrestricted Upload of File with Dangerous Type vulnerability in Smartertools Smartertrack With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. | 6.5 |
| 2021-11-17 | CVE-2021-32234 | Unspecified vulnerability in Smartertools Smartermail SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution. | 7.5 |
| 2021-11-17 | CVE-2021-43977 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS. | 4.3 |
| 2021-09-08 | CVE-2021-40377 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail 16.x before build 7866 has stored XSS. | 3.5 |
| 2021-08-17 | CVE-2020-29548 | Command Injection vulnerability in Smartertools Smartermail An issue was discovered in SmarterTools SmarterMail through 100.0.7537. | 6.8 |
| 2021-07-06 | CVE-2021-32233 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail before Build 7776 allows XSS. | 4.3 |
| 2019-04-24 | CVE-2019-7214 | Deserialization of Untrusted Data vulnerability in Smartertools Smartermail SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. | 10.0 |