CVE-2004-2585

Name of the Vulnerable Software and Affected Versions SmarterMail versions 1.6.1511 through 1.6.1529

Description A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area of frmCompose.aspx.

Recommendations For versions 1.6.1511 through 1.6.1529, consider disabling the "check spelling" feature in the compose area until a patch is available. Restrict access to the frmCompose.aspx page to minimize the risk of exploitation.