Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
53 vulnerabilities by smartertools
CVE-2026-7807 (GCVE-0-2026-7807)
Vulnerability from cvelistv5 – Published: 2026-05-08 19:54 – Updated: 2026-05-11 23:11
VLAI
Title
SmarterTools SmarterMail < Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} API
Summary
SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms and hardcoded keys to decrypt and access stored passwords and 2FA secrets for all users.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.smartertools.com/smartermail/release-… | release-notespatch |
| https://www.vulncheck.com/advisories/smartertools… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SmarterTools Inc. | SmarterMail |
Affected:
0 , < 9560
(custom)
|
Date Public
2026-05-08 20:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-09T03:56:12.615004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-10T14:29:07.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SmarterMail",
"vendor": "SmarterTools Inc.",
"versions": [
{
"lessThan": "9560",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "dninh of SACOMBANK"
}
],
"datePublic": "2026-05-08T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms and hardcoded keys to decrypt and access stored passwords and 2FA secrets for all users.\u003c/p\u003e"
}
],
"value": "SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms and hardcoded keys to decrypt and access stored passwords and 2FA secrets for all users."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T23:11:51.869Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/smartertools-smartermail-build-9560-server-local-file-inclusion-via-the-api-v1-report-summary-type-api"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SmarterTools SmarterMail \u003c Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} API",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-7807",
"datePublished": "2026-05-08T19:54:33.363Z",
"dateReserved": "2026-05-04T20:56:15.558Z",
"dateUpdated": "2026-05-11T23:11:51.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40514 (GCVE-0-2026-40514)
Vulnerability from cvelistv5 – Published: 2026-04-27 14:21 – Updated: 2026-04-27 20:11
VLAI
Title
SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG
Summary
SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possible values. An unauthenticated attacker can use the attachment download endpoint as an oracle to determine the seed in use and derive encryption keys and initialization vectors to forge sharing tokens for arbitrary emails, attachments, or file storage contents without prior access to the targeted content.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.smartertools.com/smartermail/release-… | release-notespatch |
| https://www.vulncheck.com/advisories/smartertools… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SmarterTools Inc. | SmarterMail |
Affected:
0 , < 100.0.9610
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-27T19:06:29.125530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T20:11:46.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SmarterMail",
"vendor": "SmarterTools Inc.",
"versions": [
{
"lessThan": "100.0.9610",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Maximilian Wiegand of CODE WHITE GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possible values. An unauthenticated attacker can use the attachment download endpoint as an oracle to determine the seed in use and derive encryption keys and initialization vectors to forge sharing tokens for arbitrary emails, attachments, or file storage contents without prior access to the targeted content.\u003cbr\u003e"
}
],
"value": "SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possible values. An unauthenticated attacker can use the attachment download endpoint as an oracle to determine the seed in use and derive encryption keys and initialization vectors to forge sharing tokens for arbitrary emails, attachments, or file storage contents without prior access to the targeted content."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T14:21:40.564Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/smartertools-smartermail-build-9610-cryptographic-weakness-via-weak-rng"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SmarterTools SmarterMail \u003c Build 9610 Cryptographic Weakness via Weak RNG",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-40514",
"datePublished": "2026-04-27T14:21:40.564Z",
"dateReserved": "2026-04-13T20:29:02.809Z",
"dateUpdated": "2026-04-27T20:11:46.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26930 (GCVE-0-2026-26930)
Vulnerability from cvelistv5 – Published: 2026-02-16 16:27 – Updated: 2026-02-22 19:08
VLAI
Summary
SmarterTools SmarterMail before 9526 allows XSS via MAPI requests.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SmarterTools | SmarterMail |
Affected:
0 , < 9526
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:46:54.486705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:47:01.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-02-22T19:08:16.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2026/Feb/30"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SmarterMail",
"vendor": "SmarterTools",
"versions": [
{
"lessThan": "9526",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterMail before 9526 allows XSS via MAPI requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-16T16:35:18.324Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"url": "https://www.smartertools.com/smartermail/release-notes#9526"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-26930",
"datePublished": "2026-02-16T16:27:14.946Z",
"dateReserved": "2026-02-16T16:27:14.790Z",
"dateUpdated": "2026-02-22T19:08:16.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25067 (GCVE-0-2026-25067)
Vulnerability from cvelistv5 – Published: 2026-01-29 03:38 – Updated: 2026-03-05 01:30
VLAI
Title
SmarterTools SmarterMail < Build 9518 Unauthenticated background-of-the-day Path Coercion
Summary
SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. On Windows systems, this allows UNC paths to be resolved, causing the SmarterMail service to initiate outbound SMB authentication attempts to attacker-controlled hosts. This can be abused for credential coercion, NTLM relay attacks, and unauthorized network authentication.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-706 - Use of Incorrectly-Resolved Name or Reference
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.smartertools.com/smartermail/release-… | release-notespatch |
| https://www.vulncheck.com/advisories/smartertools… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SmarterTools | SmarterMail |
Affected:
0 , < 100.0.9518
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25067",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T17:51:38.523562Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T17:51:55.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SmarterMail",
"vendor": "SmarterTools",
"versions": [
{
"lessThan": "100.0.9518",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*",
"versionEndExcluding": "100.0.9518",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Cale Black of VulnCheck"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SmarterTools SmarterMail versions prior to build 9518 contain\u0026nbsp;an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. On Windows systems, this allows UNC paths to be resolved, causing the SmarterMail service to initiate outbound SMB authentication attempts to attacker-controlled hosts. This can be abused for credential coercion, NTLM relay attacks, and unauthorized network authentication.\u003cbr\u003e"
}
],
"value": "SmarterTools SmarterMail versions prior to build 9518 contain\u00a0an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. On Windows systems, this allows UNC paths to be resolved, causing the SmarterMail service to initiate outbound SMB authentication attempts to attacker-controlled hosts. This can be abused for credential coercion, NTLM relay attacks, and unauthorized network authentication."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-706",
"description": "CWE-706 Use of Incorrectly-Resolved Name or Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:30:42.395Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/smartertools-smartermail-unauthenticated-background-of-the-day-path-coercion"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SmarterTools SmarterMail \u003c Build 9518 Unauthenticated background-of-the-day Path Coercion",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-25067",
"datePublished": "2026-01-29T03:38:02.582Z",
"dateReserved": "2026-01-28T21:47:35.119Z",
"dateUpdated": "2026-03-05T01:30:42.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24423 (GCVE-0-2026-24423)
Vulnerability from cvelistv5 – Published: 2026-01-23 16:53 – Updated: 2026-03-05 01:30Title
SmarterTools SmarterMail < Build 9511 Unauthenticated RCE via ConnectToHub API
Summary
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application.
Severity
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.smartertools.com/smartermail/release-… | release-notespatch |
| https://code-white.com/public-vulnerability-list/… | third-party-advisory |
| https://www.vulncheck.com/advisories/smartertools… | third-party-advisory |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SmarterTools | SmarterMail |
Affected:
0 , < 100.0.9511
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24423",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T04:55:28.394957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-02-05",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24423"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:53.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-24423"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-05T00:00:00.000Z",
"value": "CVE-2026-24423 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SmarterMail",
"vendor": "SmarterTools",
"versions": [
{
"lessThan": "100.0.9511",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*",
"versionEndExcluding": "100.0.9511",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sina Kheirkhah \u0026 Piotr Bazydlo of watchTowr"
},
{
"lang": "en",
"type": "finder",
"value": "Markus Wulftange of CODE WHITE GmbH"
},
{
"lang": "en",
"type": "finder",
"value": "Cale Black of VulnCheck"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application."
}
],
"value": "SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the vulnerable application."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:30:27.539Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://code-white.com/public-vulnerability-list/#systemadminsettingscontrollerconnecttohub-missing-authentication-in-smartermail"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/smartertools-smartermail-unauthenticated-rce-via-connecttohub-api"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SmarterTools SmarterMail \u003c Build 9511 Unauthenticated RCE via ConnectToHub API",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-24423",
"datePublished": "2026-01-23T16:53:34.951Z",
"dateReserved": "2026-01-22T18:21:46.813Z",
"dateUpdated": "2026-03-05T01:30:27.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23760 (GCVE-0-2026-23760)
Vulnerability from cvelistv5 – Published: 2026-01-22 14:35 – Updated: 2026-03-05 01:30 X_Known Exploited VulnerabilityTitle
SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API
Summary
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE: SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host.
Severity
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.smartertools.com/smartermail/release-… | release-notespatch |
| https://labs.watchtowr.com/attackers-with-decompi… | technical-descriptionexploit |
| https://code-white.com/public-vulnerability-list/… | third-party-advisory |
| https://www.vulncheck.com/advisories/smartertools… | third-party-advisory |
| https://www.huntress.com/blog/smartermail-account… | third-party-advisory |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SmarterTools | SmarterMail |
Affected:
0 , < 100.0.9511
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23760",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T04:55:31.462513Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-01-26",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-23760"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:32.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.huntress.com/blog/smartermail-account-takeover-leading-to-rce"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-23760"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SmarterMail",
"vendor": "SmarterTools",
"versions": [
{
"lessThan": "100.0.9511",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*",
"versionEndExcluding": "100.0.9511",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Piotr Bazydlo \u0026 Sina Kheirkhah of watchTowr"
},
{
"lang": "en",
"type": "finder",
"value": "Markus Wulftange of CODE WHITE GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE:\u0026nbsp;SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host."
}
],
"value": "SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An unauthenticated attacker can supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. NOTE:\u00a0SmarterMail system administrator privileges grant the ability to execute operating system commands via built-in management functionality, effectively providing administrative (SYSTEM or root) access on the underlying host."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:30:23.457Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"release-notes",
"patch"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://labs.watchtowr.com/attackers-with-decompilers-strike-again-smartertools-smartermail-wt-2026-0001-auth-bypass/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://code-white.com/public-vulnerability-list/#authenticationserviceforceresetpassword-missing-authentication-in-smartermail"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/smartertools-smartermail-authentication-bypass-via-password-reset-api"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_known-exploited-vulnerability"
],
"title": "SmarterTools SmarterMail \u003c Build 9511 Authentication Bypass via Password Reset API",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-23760",
"datePublished": "2026-01-22T14:35:17.235Z",
"dateReserved": "2026-01-15T18:42:20.938Z",
"dateUpdated": "2026-03-05T01:30:23.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36926 (GCVE-0-2020-36926)
Vulnerability from cvelistv5 – Published: 2026-01-15 23:25 – Updated: 2026-04-07 14:05
VLAI
Title
SmarterTools SmarterTrack 7922 -Information Disclosure
Summary
SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50328 | exploit |
| https://www.smartertools.com/ | product |
| https://www.smartertools.com/smartertrack | product |
| https://www.vulncheck.com/advisories/smartertools… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Smartertools | SmarterTools SmarterTrack |
Affected:
10.0
Affected: 14.0 |
Date Public
2021-09-24 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36926",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T16:30:42.235818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T16:30:59.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50328"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SmarterTools SmarterTrack",
"vendor": "Smartertools",
"versions": [
{
"status": "affected",
"version": "10.0"
},
{
"status": "affected",
"version": "14.0"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:smartertools:smartermail:10.x:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrei Manole"
}
],
"datePublic": "2021-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents\u0027 first and last names along with their unique identifiers."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:05:01.488Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50328",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50328"
},
{
"name": "SmarterTools Official Homepage",
"tags": [
"product"
],
"url": "https://www.smartertools.com/"
},
{
"name": "SmarterTrack Product Page",
"tags": [
"product"
],
"url": "https://www.smartertools.com/smartertrack"
},
{
"name": "VulnCheck Advisory: SmarterTools SmarterTrack 7922 -Information Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/smartertools-smartertrack-information-disclosure"
}
],
"title": "SmarterTools SmarterTrack 7922 -Information Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36926",
"datePublished": "2026-01-15T23:25:33.221Z",
"dateReserved": "2026-01-10T13:50:35.693Z",
"dateUpdated": "2026-04-07T14:05:01.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52691 (GCVE-0-2025-52691)
Vulnerability from cvelistv5 – Published: 2025-12-29 02:15 – Updated: 2026-02-26 16:07Title
Upload Arbitrary Files
Summary
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
Severity
10 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.csa.gov.sg/alerts-and-advisories/aler… | |
| https://github.com/watchtowrlabs/watchTowr-vs-Sma… | exploit |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SmarterTools | SmarterMail |
Affected:
SmarterMail versions Build 9406 and earlier
|
Date Public
2025-12-29 02:11
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52691",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T04:55:29.121460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-01-26",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-52691"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:07:23.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/watchtowrlabs/watchTowr-vs-SmarterMail-CVE-2025-52691?ref=labs.watchtowr.com"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-52691"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SmarterMail",
"vendor": "SmarterTools",
"versions": [
{
"status": "affected",
"version": "SmarterMail versions Build 9406 and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chua Meng Han"
}
],
"datePublic": "2025-12-29T02:11:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.\n\n\u003cbr\u003e"
}
],
"value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-29T02:15:58.200Z",
"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"shortName": "CSA"
},
"references": [
{
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users and administrators of affected product versions are advised to update to SmarterMail version Build 9413 immediately.\n\n\u003cbr\u003e"
}
],
"value": "Users and administrators of affected product versions are advised to update to SmarterMail version Build 9413 immediately."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Upload Arbitrary Files",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
"assignerShortName": "CSA",
"cveId": "CVE-2025-52691",
"datePublished": "2025-12-29T02:15:58.200Z",
"dateReserved": "2025-06-19T06:04:41.987Z",
"dateUpdated": "2026-02-26T16:07:23.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-48115 (GCVE-0-2023-48115)
Vulnerability from cvelistv5 – Published: 2023-12-21 00:00 – Updated: 2024-08-02 21:23
VLAI
Summary
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:23:38.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"x_transferred"
],
"url": "https://co3us.gitbook.io/write-ups/stored-dom-xss-in-email-body-of-smartermail"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T15:27:45.508Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"url": "https://co3us.gitbook.io/write-ups/stored-dom-xss-in-email-body-of-smartermail"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48115",
"datePublished": "2023-12-21T00:00:00.000Z",
"dateReserved": "2023-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-02T21:23:38.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48116 (GCVE-0-2023-48116)
Vulnerability from cvelistv5 – Published: 2023-12-21 00:00 – Updated: 2024-08-02 21:23
VLAI
Summary
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:23:38.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"x_transferred"
],
"url": "https://co3us.gitbook.io/write-ups/stored-xss-in-calendar-component-of-smartermail-cve-2023-48116"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T15:28:39.457Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"url": "https://co3us.gitbook.io/write-ups/stored-xss-in-calendar-component-of-smartermail-cve-2023-48116"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48116",
"datePublished": "2023-12-21T00:00:00.000Z",
"dateReserved": "2023-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-02T21:23:38.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48114 (GCVE-0-2023-48114)
Vulnerability from cvelistv5 – Published: 2023-12-21 00:00 – Updated: 2024-08-02 21:23
VLAI
Summary
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:23:39.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"x_transferred"
],
"url": "https://co3us.gitbook.io/write-ups/stored-xss-in-email-body-of-smartermail-cve-2023-48114"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-21T15:26:51.946Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"url": "https://co3us.gitbook.io/write-ups/stored-xss-in-email-body-of-smartermail-cve-2023-48114"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48114",
"datePublished": "2023-12-21T00:00:00.000Z",
"dateReserved": "2023-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-02T21:23:39.028Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24387 (GCVE-0-2022-24387)
Vulnerability from cvelistv5 – Published: 2022-03-14 12:15 – Updated: 2026-05-05 21:08
VLAI
Title
File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010
Summary
With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://csirt.divd.nl/DIVD-2021-00029 | x_refsource_CONFIRMrelated |
| https://csirt.divd.nl/CVE-2022-24387/ | x_refsource_CONFIRMthird-party-advisory |
| https://csrit.divd.nl/CVE-2022-24387 | x_refsource_CONFIRMthird-party-advisoryx_transferred |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SmarterTools | SmarterTrack |
Affected:
100.0.8019.x , < Build 8075
(custom)
|
|
| smartertools | smartertrack |
Affected:
100.0.8019.x , < Build_8075
(custom)
cpe:2.3:a:smartertools:smartertrack:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:smartertools:smartertrack:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartertrack",
"vendor": "smartertools",
"versions": [
{
"lessThan": "Build_8075",
"status": "affected",
"version": "100.0.8019.x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T15:40:24.373881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:53.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory",
"x_transferred"
],
"url": "https://csrit.divd.nl/CVE-2022-24387"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmarterTrack",
"vendor": "SmarterTools",
"versions": [
{
"lessThan": "Build 8075",
"status": "affected",
"version": "100.0.8019.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Finn van der Knaap (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
}
],
"descriptions": [
{
"lang": "en",
"value": "With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T21:08:45.102Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2022-24387/"
}
],
"source": {
"advisory": "DIVD-2021-00029",
"discovery": "INTERNAL"
},
"title": "File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2022-24387",
"datePublished": "2022-03-14T12:15:59.000Z",
"dateReserved": "2022-02-03T00:00:00.000Z",
"dateUpdated": "2026-05-05T21:08:45.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-24384 (GCVE-0-2022-24384)
Vulnerability from cvelistv5 – Published: 2022-03-14 00:00 – Updated: 2025-03-11 13:40
VLAI
Title
Reflective XSS on SmarterTrack v100.0.8019.14010
Summary
Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://csirt.divd.nl/DIVD-2021-00029 | x_refsource_CONFIRMrelated |
| https://csirt.divd.nl/CVE-2022-24384 | x_refsource_CONFIRMthird-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SmarterTools | SmarterTrack |
Affected:
100.x , < Build 8075
(custom)
|
|
| smartertools | smartertrack |
Affected:
0 , < 100.0.8075
(custom)
cpe:2.3:a:smartertools:smartertrack:*:*:*:*:*:*:*:* |
Date Public
2022-03-10 23:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:smartertools:smartertrack:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartertrack",
"vendor": "smartertools",
"versions": [
{
"lessThan": "100.0.8075",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T15:43:20.098345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:57.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2022-24384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmarterTrack",
"vendor": "SmarterTools",
"versions": [
{
"lessThan": "Build 8075",
"status": "affected",
"version": "100.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Finn van der Knaap (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
}
],
"datePublic": "2022-03-10T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.\u003c/p\u003e"
}
],
"value": "Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T13:40:41.607Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2022-24384"
}
],
"source": {
"advisory": "DIVD-2021-00029",
"discovery": "INTERNAL"
},
"title": "Reflective XSS on SmarterTrack v100.0.8019.14010",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2022-24384",
"datePublished": "2022-03-14T00:00:00.000Z",
"dateReserved": "2022-02-03T00:00:00.000Z",
"dateUpdated": "2025-03-11T13:40:41.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24386 (GCVE-0-2022-24386)
Vulnerability from cvelistv5 – Published: 2022-03-14 00:00 – Updated: 2025-03-11 13:40
VLAI
Title
Stored XSS in SmarterTrack v100.0.8019.14010
Summary
Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
Severity
8.8 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://csirt.divd.nl/DIVD-2021-00029 | x_refsource_CONFIRMrelated |
| https://csirt.divd.nl/CVE-2022-24386 | x_refsource_CONFIRMthird-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SmarterTools | SmarterTrack |
Affected:
100.x , < Build 8075
(custom)
|
Date Public
2022-03-11 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2022-24386"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmarterTrack",
"vendor": "SmarterTools",
"versions": [
{
"lessThan": "Build 8075",
"status": "affected",
"version": "100.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Finn van der Knaap (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
}
],
"datePublic": "2022-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T13:40:43.047Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2022-24386"
}
],
"source": {
"advisory": "DIVD-2021-00029",
"discovery": "INTERNAL"
},
"title": "Stored XSS in SmarterTrack v100.0.8019.14010",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2022-24386",
"datePublished": "2022-03-14T00:00:00.000Z",
"dateReserved": "2022-02-03T00:00:00.000Z",
"dateUpdated": "2025-03-11T13:40:43.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24385 (GCVE-0-2022-24385)
Vulnerability from cvelistv5 – Published: 2022-03-14 00:00 – Updated: 2025-03-11 13:40
VLAI
Title
Information disclosure via direct object access on SmarterTrack v100.0.8019.14010
Summary
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-425 - Direct Request (Forced Browsing)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://csirt.divd.nl/DIVD-2021-00029 | x_refsource_CONFIRMrelated |
| https://csirt.divd.nl/CVE-2022-24385 | x_refsource_CONFIRMthird-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SmarterTools | SmarterTrack |
Affected:
100.x , < Build 8075
(custom)
|
Date Public
2022-03-11 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T14:13:03.172916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:56.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2022-24385"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmarterTrack",
"vendor": "SmarterTools",
"versions": [
{
"lessThan": "Build 8075",
"status": "affected",
"version": "100.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Finn van der Knaap (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
}
],
"datePublic": "2022-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request (Forced Browsing)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T13:40:44.472Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2022-24385"
}
],
"source": {
"advisory": "DIVD-2021-00029",
"discovery": "INTERNAL"
},
"title": "Information disclosure via direct object access on SmarterTrack v100.0.8019.14010",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2022-24385",
"datePublished": "2022-03-14T00:00:00.000Z",
"dateReserved": "2022-02-03T00:00:00.000Z",
"dateUpdated": "2025-03-11T13:40:44.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43977 (GCVE-0-2021-43977)
Vulnerability from cvelistv5 – Published: 2021-11-17 16:54 – Updated: 2024-08-04 04:10
VLAI
Summary
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.smartertools.com/smartermail/release-… | x_refsource_MISC |
| https://csirt.divd.nl/cases/DIVD-2021-00006/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:16.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://csirt.divd.nl/cases/DIVD-2021-00006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-17T16:54:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://csirt.divd.nl/cases/DIVD-2021-00006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-43977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.smartertools.com/smartermail/release-notes/current",
"refsource": "MISC",
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"name": "https://csirt.divd.nl/cases/DIVD-2021-00006/",
"refsource": "MISC",
"url": "https://csirt.divd.nl/cases/DIVD-2021-00006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43977",
"datePublished": "2021-11-17T16:54:13.000Z",
"dateReserved": "2021-11-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:10:16.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32234 (GCVE-0-2021-32234)
Vulnerability from cvelistv5 – Published: 2021-11-17 16:54 – Updated: 2024-08-03 23:17
VLAI
Summary
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.smartertools.com/smartermail/release-… | x_refsource_MISC |
| https://csirt.divd.nl/cases/DIVD-2021-00006/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://csirt.divd.nl/cases/DIVD-2021-00006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-17T16:54:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://csirt.divd.nl/cases/DIVD-2021-00006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.smartertools.com/smartermail/release-notes/current",
"refsource": "MISC",
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"name": "https://csirt.divd.nl/cases/DIVD-2021-00006/",
"refsource": "MISC",
"url": "https://csirt.divd.nl/cases/DIVD-2021-00006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32234",
"datePublished": "2021-11-17T16:54:02.000Z",
"dateReserved": "2021-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:17:29.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40377 (GCVE-0-2021-40377)
Vulnerability from cvelistv5 – Published: 2021-09-08 10:57 – Updated: 2024-08-04 02:44
VLAI
Summary
SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.smartertools.com/smartermail/release-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:44:09.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-08T10:57:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-40377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.smartertools.com/smartermail/release-notes/current",
"refsource": "MISC",
"url": "https://www.smartertools.com/smartermail/release-notes/current"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-40377",
"datePublished": "2021-09-08T10:57:35.000Z",
"dateReserved": "2021-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:44:09.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29548 (GCVE-0-2020-29548)
Vulnerability from cvelistv5 – Published: 2021-08-17 17:16 – Updated: 2024-08-04 16:55
VLAI
Summary
An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.smartertools.com/smartermail/release-… | x_refsource_MISC |
| https://nostarttls.secvuln.info/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nostarttls.secvuln.info/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-17T17:16:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nostarttls.secvuln.info/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.smartertools.com/smartermail/release-notes/current",
"refsource": "MISC",
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"name": "https://nostarttls.secvuln.info/",
"refsource": "MISC",
"url": "https://nostarttls.secvuln.info/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29548",
"datePublished": "2021-08-17T17:16:05.000Z",
"dateReserved": "2020-12-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:55:10.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32233 (GCVE-0-2021-32233)
Vulnerability from cvelistv5 – Published: 2021-07-05 23:28 – Updated: 2024-08-03 23:17
VLAI
Summary
SmarterTools SmarterMail before Build 7776 allows XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.smartertools.com/smartermail/release-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterMail before Build 7776 allows XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-05T23:28:40.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-32233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SmarterTools SmarterMail before Build 7776 allows XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.smartertools.com/smartermail/release-notes/current",
"refsource": "MISC",
"url": "https://www.smartertools.com/smartermail/release-notes/current"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-32233",
"datePublished": "2021-07-05T23:28:40.000Z",
"dateReserved": "2021-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:17:29.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7213 (GCVE-0-2019-7213)
Vulnerability from cvelistv5 – Published: 2019-04-24 14:46 – Updated: 2024-08-04 20:46
VLAI
Summary
SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.smartertools.com/smartermail/release-… | x_refsource_CONFIRM |
| https://www.nccgroup.trust/uk/our-research/techni… | x_refsource_MISC |
Date Public
2019-04-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:44.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-24T14:46:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.smartertools.com/smartermail/release-notes/current",
"refsource": "CONFIRM",
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"name": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7213",
"datePublished": "2019-04-24T14:46:14.000Z",
"dateReserved": "2019-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:46:44.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7212 (GCVE-0-2019-7212)
Vulnerability from cvelistv5 – Published: 2019-04-24 14:43 – Updated: 2024-08-04 20:46
VLAI
Summary
SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.smartertools.com/smartermail/release-… | x_refsource_CONFIRM |
| https://www.nccgroup.trust/uk/our-research/techni… | x_refsource_MISC |
Date Public
2019-04-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:44.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users\u2019 emails and file attachments. It was also possible to interact with mailing lists."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-24T14:43:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users\u2019 emails and file attachments. It was also possible to interact with mailing lists."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.smartertools.com/smartermail/release-notes/current",
"refsource": "CONFIRM",
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"name": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7212",
"datePublished": "2019-04-24T14:43:02.000Z",
"dateReserved": "2019-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:46:44.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7211 (GCVE-0-2019-7211)
Vulnerability from cvelistv5 – Published: 2019-04-24 14:37 – Updated: 2024-08-04 20:46
VLAI
Summary
SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.smartertools.com/smartermail/release-… | x_refsource_CONFIRM |
| https://www.nccgroup.trust/uk/our-research/techni… | x_refsource_MISC |
Date Public
2019-04-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:44.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-24T14:37:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.smartertools.com/smartermail/release-notes/current",
"refsource": "CONFIRM",
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"name": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7211",
"datePublished": "2019-04-24T14:37:13.000Z",
"dateReserved": "2019-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:46:44.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7214 (GCVE-0-2019-7214)
Vulnerability from cvelistv5 – Published: 2019-04-24 00:00 – Updated: 2024-08-04 20:46
VLAI
Summary
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
Date Public
2019-04-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:44.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/160416/SmarterMail-6985-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173388/SmarterTools-SmarterMail-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.smartertools.com/smartermail/release-notes/current"
},
{
"url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/"
},
{
"url": "http://packetstormsecurity.com/files/160416/SmarterMail-6985-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/173388/SmarterTools-SmarterMail-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7214",
"datePublished": "2019-04-24T00:00:00.000Z",
"dateReserved": "2019-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:46:44.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-9276 (GCVE-0-2015-9276)
Vulnerability from cvelistv5 – Published: 2019-01-16 16:00 – Updated: 2024-08-06 08:43
VLAI
Summary
SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.nccgroup.trust/uk/our-research/smarte… | x_refsource_MISC |
| https://www.nccgroup.trust/globalassets/our-resea… | x_refsource_MISC |
| https://www.smartertools.com/smartermail/release-… | x_refsource_MISC |
Date Public
2019-01-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:43:42.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nccgroup.trust/uk/our-research/smartermail-stored-xss-in-emails/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-smartermail-stored-xss-in-emails-v2.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.smartertools.com/smartermail/release-notes/13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker\u0027s email, which contained a malicious payload. Therefore, users\u0027 passwords could be reset by using an XSS attack, as the password reset page did not need the current password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-16T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nccgroup.trust/uk/our-research/smartermail-stored-xss-in-emails/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-smartermail-stored-xss-in-emails-v2.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.smartertools.com/smartermail/release-notes/13"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker\u0027s email, which contained a malicious payload. Therefore, users\u0027 passwords could be reset by using an XSS attack, as the password reset page did not need the current password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nccgroup.trust/uk/our-research/smartermail-stored-xss-in-emails/",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/uk/our-research/smartermail-stored-xss-in-emails/"
},
{
"name": "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-smartermail-stored-xss-in-emails-v2.pdf",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-smartermail-stored-xss-in-emails-v2.pdf"
},
{
"name": "https://www.smartertools.com/smartermail/release-notes/13",
"refsource": "MISC",
"url": "https://www.smartertools.com/smartermail/release-notes/13"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-9276",
"datePublished": "2019-01-16T16:00:00.000Z",
"dateReserved": "2019-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:43:42.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14620 (GCVE-0-2017-14620)
Vulnerability from cvelistv5 – Published: 2017-09-29 15:00 – Updated: 2024-08-05 19:34
VLAI
Summary
SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/42923/ | exploitx_refsource_EXPLOIT-DB |
| http://xss.cx/cve/2017/14620/smarterstats.v11-3-6… | x_refsource_MISC |
Date Public
2017-09-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42923",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42923/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://xss.cx/cve/2017/14620/smarterstats.v11-3-6347.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-02T09:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42923",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42923/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://xss.cx/cve/2017/14620/smarterstats.v11-3-6347.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42923",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42923/"
},
{
"name": "http://xss.cx/cve/2017/14620/smarterstats.v11-3-6347.html",
"refsource": "MISC",
"url": "http://xss.cx/cve/2017/14620/smarterstats.v11-3-6347.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14620",
"datePublished": "2017-09-29T15:00:00.000Z",
"dateReserved": "2017-09-20T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:34:39.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2578 (GCVE-0-2012-2578)
Vulnerability from cvelistv5 – Published: 2012-09-19 10:00 – Updated: 2024-09-17 02:36
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/20362/ | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20362",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/20362/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-19T10:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "20362",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/20362/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20362",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/20362/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-2578",
"datePublished": "2012-09-19T10:00:00.000Z",
"dateReserved": "2012-05-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:36:43.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4750 (GCVE-0-2011-4750)
Vulnerability from cvelistv5 – Published: 2011-12-16 11:00 – Updated: 2024-09-16 18:43
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://xss.cx/examples/exploits/stored-reflected-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:34.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-12-16T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html",
"refsource": "MISC",
"url": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4750",
"datePublished": "2011-12-16T11:00:00.000Z",
"dateReserved": "2011-12-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:43:43.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4752 (GCVE-0-2011-4752)
Vulnerability from cvelistv5 – Published: 2011-12-16 11:00 – Updated: 2024-08-07 00:16
VLAI
Summary
SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://xss.cx/examples/exploits/stored-reflected-… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2011-09-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:34.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html"
},
{
"name": "smarterstat-ctheader-unspecified(72204)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72204"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html"
},
{
"name": "smarterstat-ctheader-unspecified(72204)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72204"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html",
"refsource": "MISC",
"url": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html"
},
{
"name": "smarterstat-ctheader-unspecified(72204)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72204"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4752",
"datePublished": "2011-12-16T11:00:00.000Z",
"dateReserved": "2011-12-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:16:34.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4751 (GCVE-0-2011-4751)
Vulnerability from cvelistv5 – Published: 2011-12-16 11:00 – Updated: 2024-08-07 00:16
VLAI
Summary
SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://xss.cx/examples/exploits/stored-reflected-… | x_refsource_MISC |
Date Public
2011-09-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:16:34.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "smartertools-smarterstats-fgs-info-disc(72203)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72203"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a \"cross-domain Referer leakage\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "smartertools-smarterstats-fgs-info-disc(72203)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72203"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a \"cross-domain Referer leakage\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "smartertools-smarterstats-fgs-info-disc(72203)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72203"
},
{
"name": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html",
"refsource": "MISC",
"url": "http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4751",
"datePublished": "2011-12-16T11:00:00.000Z",
"dateReserved": "2011-12-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:16:34.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}