Vulnerabilities > Smartertools > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-24 | CVE-2019-7212 | Use of Hard-coded Credentials vulnerability in Smartertools Smartermail SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. | 6.4 |
| 2019-04-24 | CVE-2019-7211 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail 16.x before build 6995 has stored XSS. | 4.3 |
| 2019-01-16 | CVE-2015-9276 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. | 4.3 |
| 2017-09-30 | CVE-2017-14620 | Cross-site Scripting vulnerability in Smartertools Smarterstats 11.3.6347 SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. | 4.3 |
| 2012-09-19 | CVE-2012-2578 | Cross-Site Scripting vulnerability in Smartertools Smartermail 9.2 Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document. | 4.3 |
| 2011-12-16 | CVE-2011-4751 | Information Exposure vulnerability in Smartertools Smarterstats 6.2.4100 SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. | 5.0 |
| 2011-12-16 | CVE-2011-4750 | Cross-Site Scripting vulnerability in Smartertools Smarterstats 6.2.4100 Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files. | 4.3 |
| 2011-05-20 | CVE-2011-2157 | Permissions, Privileges, and Access Controls vulnerability in Smartertools Smarterstats 6.0 The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows remote attackers to obtain potentially sensitive information by reading the default values of form fields. | 5.0 |
| 2011-05-20 | CVE-2011-2156 | Information Exposure vulnerability in Smartertools Smarterstats 6.0 The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the (1) Admin/, (2) Admin/Defaults/, (3) Admin/GettingStarted/, (4) Admin/Popups/, (5) App_Themes/, (6) Client/, (7) Client/Popups/, (8) Services/, (9) Temp/, (10) UserControls/, (11) UserControls/PanelBarTemplates/, (12) UserControls/Popups/, (13) aspnet_client/, or (14) aspnet_client/system_web/ directory name, or (15) certain directory names under App_Themes/Default/. | 5.0 |
| 2011-05-20 | CVE-2011-2154 | Information Exposure vulnerability in Smartertools Smarterstats 6.0 login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 5.0 |