Cross-Site Scripting Vulnerabilities in SmarterMail by SmarterTools
CVE-2012-2578

Currently unrated

Key Information:

Vendor: Smartertools
Status: Smartermail
Vendor: CVE Published:; 19 September 2012

What is CVE-2012-2578?

Multiple cross-site scripting (XSS) vulnerabilities exist in SmarterMail 9.2, enabling remote attackers to inject arbitrary web scripts or HTML through an email message body. These vulnerabilities can be exploited using methods such as JavaScript alert functions in conjunction with fromCharCode, inserting SCRIPT elements, manipulating CSS expression properties in the STYLE attribute, or altering innerHTML attributes within XML documents. Attackers could leverage these weaknesses to achieve unauthorized access or perform actions on behalf of users.

References

http://www.exploit-db.com/exploits/20362/

exploitx_refsource_EXPLOIT-DB

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 19, 2012

Smartertools

What is CVE-2012-2578?

References

Timeline