Arbitrary Script Injection in SmarterMail's Check Spelling Feature

Arbitrary Script Injection in SmarterMail's Check Spelling Feature

CVE-2004-2585 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area.

Learn more about our Web App Pen Testing.