PT-2019-18463 · Smartertools · Smartermail
Publicado
2019-04-24
·
Atualizado
2019-04-29
·
CVE-2019-7211
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SmarterTools SmarterMail versions 16.x before build 6995
Description
The issue allows JavaScript code to be executed on the application, potentially leading to stored XSS. This can occur when a user opens a malicious email or views a malicious file attachment.
Recommendations
For versions 16.x before build 6995, update to build 6995 or later to resolve the issue. As a temporary workaround, consider restricting access to email and file attachments from untrusted sources until the update is applied.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Smartermail