Unrated severityNVD Advisory· Published Dec 21, 2023· Updated Aug 2, 2024
CVE-2023-48114
CVE-2023-48114
Description
SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: >=8495, <=8664, fixed in 8747
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.