CVE-2023-48115
N/A
N/A
Summary
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.smartertools.com/smartermail/release-notes/current
- https://co3us.gitbook.io/write-ups/stored-dom-xss-in-email-body-of-smartermail
References
- https://www.smartertools.com/smartermail/release-notes/current
- https://co3us.gitbook.io/write-ups/stored-dom-xss-in-email-body-of-smartermail
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.