SmarterTools SmarterMail Cross-Site Scripting Vulnerability
BID:9805
Info
| Bugtraq ID: | 9805 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 04 2004 12:00AM |
| Updated: | Mar 04 2004 12:00AM |
| Credit: | The disclosure of these issues has been credited to Dr_insane. |
| Vulnerable: | SmarterTools SmarterMail 1.61 |
| Not Vulnerable: | SmarterTools SmarterMail 1.62 |
Discussion
SmarterMail versions 1.61 and prior have been reported to be prone to a cross-site scripting vulnerability.
The issue presents itself due to insufficient sanitization of user-supplied data when using the spell check function. This could allow for execution of hostile HTML and script code in the web client of a user who visits a vulnerable web page. This would occur in the security context of the site hosting the software.
Exploit / POC
There is no exploit required.
Solution / Fix
Solution:
This vulnerability is reported by the vendor to be addressed in version 1.62 of
SmarterMail. Customers are advised to contact the vendor for further information.
References
References:
- SmarterMail Product Page (SmarterTools)