Stored XSS Vulnerability in SmarterTools SmarterMail before 13.3.5535 Allows Password Reset via Bypassing Anti-XSS Mechanisms

Stored XSS Vulnerability in SmarterTools SmarterMail before 13.3.5535 Allows Password Reset via Bypassing Anti-XSS Mechanisms

CVE-2015-9276 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password.

Learn more about our User Device Pen Test.