PT-2004-3476 · Smartertools · Smartermail
Published
2004-12-31
·
Updated
2017-07-11
·
CVE-2004-2585
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
SmarterMail versions 1.6.1511 through 1.6.1529
Description
A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area of frmCompose.aspx.
Recommendations
For versions 1.6.1511 through 1.6.1529, consider disabling the "check spelling" feature in the compose area until a patch is available. Restrict access to the frmCompose.aspx page to minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Smartermail