Stored XSS Vulnerability in SmarterMail by SmarterTools
CVE-2021-40377
5.4 MEDIUM
What is CVE-2021-40377?
SmarterMail, a product by SmarterTools, is affected by a stored cross-site scripting vulnerability where the application inadequately sanitizes email content. This flaw allows attackers to inject malicious HTML and JavaScript code, which is then stored by the application, potentially compromising the integrity and security of users accessing the affected content. This vulnerability underlines the importance of proper input validation to safeguard against such injection attacks.
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved