Описание
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name.
Ссылки
- ExploitThird Party Advisory
- Release Notes
- ExploitThird Party Advisory
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия от 16.0.8495 (включая) до 16.0.8747 (исключая)
cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00169
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
около 2 лет назад
SmarterTools SmarterMail 16.x 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name.
EPSS
Процентиль: 39%
0.00169
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79