Shodan
Vulnerabilities
Vulnerable Software
Smartertools:  Security Vulnerabilities
CVE-2022-24386
Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-03-14
CVE-2022-24387
With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010
CVSS Score
9.1
EPSS Score
0.006
Published
2022-03-14
CVE-2021-32234
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.
CVSS Score
9.8
EPSS Score
0.031
Published
2021-11-17
CVE-2021-43977
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-11-17
CVE-2021-40377
SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-09-08
CVE-2020-29548
An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session.
CVSS Score
8.1
EPSS Score
0.006
Published
2021-08-17
CVE-2021-32233
SmarterTools SmarterMail before Build 7776 allows XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-07-06
CVE-2019-7213
SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories.
CVSS Score
6.5
EPSS Score
0.134
Published
2019-04-24
CVE-2019-7214
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
CVSS Score
9.8
EPSS Score
0.826
Published
2019-04-24
CVE-2019-7211
SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-04-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved