Vulnerabilities > Smartertools > Smartermail > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-21 | CVE-2023-48114 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. | 5.4 |
| 2023-12-21 | CVE-2023-48115 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request. | 5.4 |
| 2023-12-21 | CVE-2023-48116 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment. | 5.4 |
| 2021-11-17 | CVE-2021-43977 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS. | 4.3 |
| 2021-08-17 | CVE-2020-29548 | Command Injection vulnerability in Smartertools Smartermail An issue was discovered in SmarterTools SmarterMail through 100.0.7537. | 6.8 |
| 2021-07-06 | CVE-2021-32233 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail before Build 7776 allows XSS. | 4.3 |
| 2019-04-24 | CVE-2019-7213 | Path Traversal vulnerability in Smartertools Smartermail SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. | 5.5 |
| 2019-04-24 | CVE-2019-7212 | Use of Hard-coded Credentials vulnerability in Smartertools Smartermail SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. | 6.4 |
| 2019-04-24 | CVE-2019-7211 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail 16.x before build 6995 has stored XSS. | 4.3 |
| 2019-01-16 | CVE-2015-9276 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. | 4.3 |