Cross-Site Scripting Vulnerability in SmarterMail by SmarterTools
CVE-2021-43977

6.1MEDIUM

Key Information:

Vendor: Smartertools
Status: Smartermail
Vendor: CVE Published:; 17 November 2021

What is CVE-2021-43977?

The vulnerability in SmarterMail versions 16.x through 100.x allows attackers to exploit cross-site scripting (XSS) by injecting malicious scripts into web pages, which can lead to unauthorized actions or data theft. This security flaw underscores the importance of applying the latest updates to ensure that your email services remain secure from potential exploitation. Users are advised to upgrade to version 100.0.7803 or later to mitigate this risk. For more information, please refer to the official release notes.

References

https://www.smartertools.com/smartermail/release-notes/cu...

x_refsource_MISC

https://csirt.divd.nl/cases/DIVD-2021-00006/

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 17, 2021
Vulnerability Reserved
Nov 17, 2021

Smartertools

What is CVE-2021-43977?

References

CVSS V3.1

Timeline