Cross-Site Scripting Vulnerability in SmarterMail by SmarterTools
CVE-2004-2585

Currently unrated

Key Information:

Vendor: Smartertools
Status: Smartermail
Vendor: CVE Published:; 31 December 2004

What is CVE-2004-2585?

A cross-site scripting vulnerability exists in the frmCompose.aspx file of SmarterMail versions 1.6.1511 and 1.6.1529. This flaw allows remote attackers to execute arbitrary JavaScript or HTML code by taking advantage of the 'check spelling' feature in the compose area. Malicious input provided by an attacker can lead to unauthorized actions performed on behalf of users, potentially compromising sensitive information.

References

http://www.securityfocus.com/bid/9805

vdb-entryx_refsource_BID

http://www.zone-h.org/advisories/read/id=4098

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/15393

vdb-entryx_refsource_XF

Timeline

Vulnerability Reserved
Nov 28, 2005
Vulnerability published
Dec 31, 2004

Smartertools

What is CVE-2004-2585?

References

Timeline