Vulnerabilities > Smartertools

DATE CVE VULNERABILITY TITLE RISK
2021-08-17 CVE-2020-29548 Command Injection vulnerability in Smartertools Smartermail
An issue was discovered in SmarterTools SmarterMail through 100.0.7537.
6.8
2021-07-06 CVE-2021-32233 Cross-site Scripting vulnerability in Smartertools Smartermail
SmarterTools SmarterMail before Build 7776 allows XSS.
4.3
2019-04-24 CVE-2019-7214 Deserialization of Untrusted Data vulnerability in Smartertools Smartermail
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data.
network
low complexity
smartertools CWE-502
critical
9.8
2019-04-24 CVE-2019-7213 Path Traversal vulnerability in Smartertools Smartermail
SmarterTools SmarterMail 16.x before build 6985 allows directory traversal.
network
low complexity
smartertools CWE-22
5.5
2019-04-24 CVE-2019-7212 Use of Hard-coded Credentials vulnerability in Smartertools Smartermail
SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys.
network
low complexity
smartertools CWE-798
6.4
2019-04-24 CVE-2019-7211 Cross-site Scripting vulnerability in Smartertools Smartermail
SmarterTools SmarterMail 16.x before build 6995 has stored XSS.
4.3
2019-01-16 CVE-2015-9276 Cross-site Scripting vulnerability in Smartertools Smartermail
SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms.
4.3
2017-09-30 CVE-2017-14620 Cross-site Scripting vulnerability in Smartertools Smarterstats 11.3.6347
SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting.
4.3
2012-09-19 CVE-2012-2578 Cross-Site Scripting vulnerability in Smartertools Smartermail 9.2
Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document.
4.3
2011-12-16 CVE-2011-4752 Unspecified vulnerability in Smartertools Smarterstats 6.2.4100
SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files.
network
low complexity
smartertools
critical
10.0