16 Jan 2019
CVE-2015-9276 - CVE Vulnerability
SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password. (CVSS:0.0) (Last Update:2019-01-16)
Vulnerability Details : SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password. Publish Date : 2019-01-16 Last Update Date : 2019-01-16 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2015-9276
- References For CVE-2015-9276 | |||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2015-9276There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |