CVE-2015-9276

SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password.

CVSS v3 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-smartermail-stored-xss-in-emails-v2.pdf	Third Party Advisory
https://www.nccgroup.trust/uk/our-research/smartermail-stored-xss-in-emails/	Third Party Advisory
https://www.smartertools.com/smartermail/release-notes/13	Release Notes
https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-smartermail-stored-xss-in-emails-v2.pdf	Third Party Advisory
https://www.nccgroup.trust/uk/our-research/smartermail-stored-xss-in-emails/	Third Party Advisory
https://www.smartertools.com/smartermail/release-notes/13	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-01-16 16:29

Updated : 2024-11-21 02:40

NVD link : CVE-2015-9276

Mitre link : CVE-2015-9276

CVE.ORG link : CVE-2015-9276

JSON object : View

Products Affected

smartertools

smartermail

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2015-9276", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-01-16T16:29:00.197", "references": [{"url": "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-smartermail-stored-xss-in-emails-v2.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.nccgroup.trust/uk/our-research/smartermail-stored-xss-in-emails/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.smartertools.com/smartermail/release-notes/13", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://www.nccgroup.trust/globalassets/our-research/uk/technical-advisories/2015/technical-advisory-smartermail-stored-xss-in-emails-v2.pdf", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.nccgroup.trust/uk/our-research/smartermail-stored-xss-in-emails/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.smartertools.com/smartermail/release-notes/13", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password."}, {"lang": "es", "value": "SmarterTools SmarterMail, en versiones anteriores a la 13.3.5535, era vulnerable a Cross-Site Scripting (XSS) persistente mediante la omisi\u00f3n del mecanismo anti-XSS. Era posible ejecutar c\u00f3digo JavaScript cuando un usuario v\u00edctima abre o contesta al correo electr\u00f3nico del atacante, que conten\u00eda una carga \u00fatil maliciosa. Por lo tanto, las contrase\u00f1as de los usuarios podr\u00edan restablecerse utilizando un ataque XSS, ya que la p\u00e1gina de restablecimiento de contrase\u00f1a no necesitaba la contrase\u00f1a actual."}], "lastModified": "2024-11-21T02:40:13.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89F2FBA5-CD48-4945-B8A2-439094959D95", "versionEndExcluding": "13.3.5535"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}