threat
engine
.sh
Back
·
··:··
Home
/
Product
/
smartertools smartermail
Product
smartertools smartermail
25 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-25067
< 100.0.9518
SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-o
5.3
MEDIUM
CVE-2026-24423
< 100.0.9511
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the Connec
9.8
CRITICAL
CVE-2026-23760
< 100.0.9511
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. Th
9.8
CRITICAL
CVE-2025-52691
< 100.0.9413
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on
10.0
CRITICAL
CVE-2023-48116
>= 16.0.8495 and < 16.0.8747
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment.
5.4
MEDIUM
CVE-2023-48115
>= 16.0.8495 and < 16.0.8747
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when m
5.4
MEDIUM
CVE-2023-48114
>= 16.0.8495 and < 16.0.8747
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This
5.4
MEDIUM
CVE-2021-43977
>= 16.0.6345 and < 100.0.7803
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.
6.1
MEDIUM
CVE-2021-32234
>= 16.0.6345 and < 100.0.7803
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.
9.8
CRITICAL
CVE-2021-40377
>= 16.0.6345 and < 16.3.7866
SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one
5.4
MEDIUM
CVE-2020-29548
<= 100.0.7537
An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands afte
8.1
HIGH
CVE-2021-32233
< 16.3.7776
SmarterTools SmarterMail before Build 7776 allows XSS.
6.1
MEDIUM
CVE-2019-7214
>= 16.0.6345 and < 16.3.6985
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run co
9.8
CRITICAL
CVE-2019-7213
>= 16.0.6345 and < 16.3.6985
SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or
6.5
MEDIUM
CVE-2019-7212
>= 16.0.6345 and < 16.3.6985
SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’
8.2
HIGH
CVE-2019-7211
>= 16.0.6345 and < 16.3.6955
SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a
6.1
MEDIUM
CVE-2015-9276
< 13.3.5535
SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to ru
6.1
MEDIUM
CVE-2012-2578
all versions
Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HT
CVE-2010-3486
all versions
Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary file
CVE-2008-1854
all versions
Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a deni
CVE-2004-2587
all versions
login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtus
CVE-2004-2586
all versions
Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attacke
CVE-2004-2585
all versions
Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attack
CVE-2004-2584
all versions
frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that Smar
CVE-2004-2583
all versions
SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service (CPU consumpti
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin