Vulnerabilities > Smartertools > Smartermail > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-21 | CVE-2023-48114 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. | 5.4 |
| 2023-12-21 | CVE-2023-48115 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request. | 5.4 |
| 2023-12-21 | CVE-2023-48116 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment. | 5.4 |
| 2021-11-17 | CVE-2021-43977 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS. | 6.1 |
| 2021-09-08 | CVE-2021-40377 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail 16.x before build 7866 has stored XSS. | 5.4 |
| 2021-07-06 | CVE-2021-32233 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail before Build 7776 allows XSS. | 6.1 |
| 2019-04-24 | CVE-2019-7213 | Path Traversal vulnerability in Smartertools Smartermail SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. | 6.5 |
| 2019-04-24 | CVE-2019-7211 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail 16.x before build 6995 has stored XSS. | 6.1 |
| 2019-01-16 | CVE-2015-9276 | Cross-site Scripting vulnerability in Smartertools Smartermail SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. | 6.1 |