PT-2021-22883 · Smartertools · Smartermail
Published: 2021-09-08 · Updated: 2021-09-14 · CVE-2021-40377
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SmarterTools SmarterMail versions 16.x before build 7866
Description
The issue arises from the application's failure to sanitize email content: a message can carry HTML and/or JavaScript that the application stores and later renders as part of the webmail page, so the injected markup executes in the browser of any user who views the message. This is a stored XSS.
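The control whose absence the description identifies is an allowlist sanitizer applied to message HTML before it is stored or rendered. The following is an added example, not SmarterMail's own code (which is not public) and not the vendor's fix; the tag and attribute allowlist, the accepted URL schemes and the sample message bodies are constructed for illustration. It drops script and style content entirely, removes every attribute not on the allowlist (which covers all `on*` event handlers), rejects URL attributes whose scheme is not an accepted one, and re-escapes text so that entity-encoded markup in the message body cannot become live markup after the round trip.

```python
"""Allowlist HTML sanitizer for untrusted email bodies (added example).

Assumption: the webmail client stores the sanitizer's output and renders it
as HTML. Only tags and attributes listed below survive; everything else is
dropped or escaped. Not SmarterMail code.
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_TAGS = {"p", "br", "b", "i", "u", "em", "strong", "a",
                "ul", "ol", "li", "blockquote", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto", "cid"}  # cid: inline attachments
VOID_TAGS = {"br", "img"}
DROP_CONTENT_TAGS = {"script", "style"}  # element *and* its content are removed


def _safe_url(value):
    """Accept relative URLs and the listed schemes only (case-insensitive)."""
    scheme = urlparse(value.strip()).scheme.lower()
    return scheme == "" or scheme in SAFE_SCHEMES


class EmailSanitizer(HTMLParser):
    def __init__(self):
        # convert_charrefs=True decodes entities in text; handle_data re-escapes,
        # so "&lt;script&gt;" in the body stays inert text.
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return  # unknown element: drop the tag, keep its text children
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue  # drops style=, on*=, and anything else unlisted
            if name in URL_ATTRS and not _safe_url(value):
                continue  # e.g. a script-scheme href
            kept.append(f' {name}="{escape(value, quote=True)}"')
        if tag == "a":
            kept.append(' rel="noopener noreferrer" target="_blank"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            if self.skip_depth:
                self.skip_depth -= 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

    def handle_comment(self, data):
        pass  # comments (including conditional comments) are dropped


def sanitize_email_html(body):
    """Return a sanitized copy of an untrusted HTML message body."""
    parser = EmailSanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample bodies, not real messages.
    samples = [
        '<p>Hello <b>there</b></p><script>doEvil()</script>',
        '<img src="cid:logo" onerror="doEvil()">',
        '<a href="javascript:doEvil()">x</a>',
        '<iframe src="https://example.invalid">t</iframe> 1 &lt; 2',
    ]
    for s in samples:
        print(repr(s), "->", repr(sanitize_email_html(s)))
```

Parsing with a real HTML parser rather than regular expressions matters here: the parser normalises case, decodes entities in attribute values before the scheme check, and treats `<script>` content as raw text, so the allowlist is applied to what the browser would actually see.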
Recommendations
For versions 16.x before build 7866, update to build 7866 or later to resolve the issue. As a temporary workaround, consider restricting the ability to inject HTML and/or JavaScript into email content to minimize the risk of exploitation.
Fix
XSS
Affected Products
Smartermail