CVE-2023-48115 Information

Dec 22, 2023 cve

Description

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request.

Reference

https://co3us.gitbook.io/write-ups/stored-dom-xss-in-email-body-of-smartermail https://www.smartertools.com/smartermail/release-notes/current

Share on: