CVE-2021-40377 Stored XSS via email content allows account takeover

1. Vulnerability Properties

Title: Stored XSS via email content allows account takeover
CVE ID: CVE-2021-40377
CVSSv3 Base Score: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Vendor: SmarterTools
Products: SmarterMail
Advisory Release Date: 22-07-2022
Advisory URL: https://labs.integrity.pt/advisories/cve-2021-40377
Credits: Discovery by Diogo Real <dr[at]integrity.pt>

2. Vulnerability Summary

SmarterTools SmarterMail 16.x before build 7866 has a stored XSS vulnerability. The application fails to sanitize email content, allowing an attacker to inject HTML and/or JavaScript into a page that the application then processes and stores. An attacker could send a malicious email that exfiltrates the victim's Session Storage token, resulting in account takeover by reusing the victim's token.
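As an added example (not SmarterTools code, and not part of the original advisory), the following Python sanitizer shows the kind of allowlist-based filtering of email HTML whose absence the summary describes: script and style elements are dropped together with their contents, event-handler attributes and any URL that is not http(s) or mailto are removed, unknown tags are stripped while their text is kept, and all text is re-escaped. The tag and attribute allowlists, the helper names and the sample email body are constructed assumptions chosen for illustration.

```python
"""Allowlist-based sanitizer for rendering untrusted email HTML.

Added example, not the vendor's code. Allowlists below are assumptions.
"""
from html import escape
from html.parser import HTMLParser

# Assumed allowlist of tags an email client typically needs to render.
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "strong", "em", "a",
                "ul", "ol", "li", "div", "span", "img"}
# Assumed per-tag attribute allowlist; tags not listed keep no attributes.
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
# Elements whose *content* must be dropped as well, not just the tag.
DROP_WITH_CONTENT = {"script", "style"}
# Void elements never get a closing tag in the output.
VOID_TAGS = {"br", "img"}
# Only these URL schemes survive in href/src (relative URLs are rejected too).
SAFE_URL_SCHEMES = ("http://", "https://", "mailto:")


class EmailHtmlSanitizer(HTMLParser):
    """Rebuilds the document from scratch, emitting only allowlisted markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._skip_depth = 0  # >0 while inside a script/style element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self._skip_depth += 1
            return
        if self._skip_depth or tag not in ALLOWED_TAGS:
            return  # drop the tag; its text content is still emitted by handle_data
        safe_attrs = []
        for name, value in attrs:
            if name.startswith("on"):  # event handlers are never allowed
                continue
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name in ("href", "src"):
                # Scheme allowlist: rejects javascript:, data:, and obfuscated variants.
                if value is None or not value.strip().lower().startswith(SAFE_URL_SCHEMES):
                    continue
            safe_attrs.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(safe_attrs)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            if self._skip_depth:
                self._skip_depth -= 1
            return
        if self._skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Text is re-escaped, so nothing inside it can become markup again.
        if not self._skip_depth:
            self.out.append(escape(data, quote=False))

    # Comments, doctype declarations and processing instructions are
    # silently dropped by HTMLParser's default no-op handlers.


def sanitize_email_html(html: str) -> str:
    """Return a sanitized copy of an untrusted email body."""
    parser = EmailHtmlSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


# Constructed sample email body (not a real message): mixes legitimate
# formatting with the kinds of markup a sanitizer must strip.
SAMPLE_EMAIL_BODY = (
    "<p>Hello, <b>team</b>.</p>"
    "<script>/* constructed sample: hostile script */</script>"
    '<img src="https://example.test/logo.png" alt="logo" onerror="/* constructed: handler */">'
    '<a href="javascript:void(0)" title="t">click</a>'
    '<a href="https://example.test/report">report</a>'
    "<!-- comment -->"
    '<div style="x">ok</div>'
)

if __name__ == "__main__":
    print(sanitize_email_html(SAMPLE_EMAIL_BODY))
```

Two design points matter here. First, sanitization is done by rebuilding an allowlisted document rather than by deleting known-bad patterns, which is what keeps new bypasses from appearing with every new attribute or scheme. Second, Python's HTMLParser recovers from malformed markup differently from a browser, so for a production mail client a maintained sanitizer whose parsing matches the rendering engine (DOMPurify in the browser, or a server-side library of equivalent scope) is the right tool; the code above illustrates the policy, not a drop-in replacement. Note also why the advisory's impact is account takeover: a token kept in Session Storage is readable by any script that runs in the application's origin, so once email HTML is rendered unsanitized there is no HttpOnly-style protection left for it.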

3. Vulnerable Versions

  • < build 7866

4. Solution

  • Update to build 7866 or higher

5. Vulnerability Timeline

  • 1/Jul/21  - Bug reported
  • 9/Jul/21  - Bug verified by vendor
  • 14/Jul/21 - Bug fixed
  • 22/Jul/22 - Advisory released

6. References

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40377
  • https://www.smartertools.com/smartermail/release-notes/current

© 2022 Integrity Part of Devoteam. All rights reserved.