CVE-2015-9276

Name of the Vulnerable Software and Affected Versions SmarterTools SmarterMail versions prior to 13.3.5535

Description The issue allows for stored XSS attacks by bypassing anti-XSS mechanisms. An attacker can run JavaScript code when a victim user opens or replies to a malicious email. This could lead to users' passwords being reset without needing the current password, as the password reset page does not require it.

Recommendations For versions prior to 13.3.5535, update to version 13.3.5535 or later to resolve the issue. As a temporary workaround, consider restricting access to email contents from untrusted sources to minimize the risk of exploitation.