CVE-2023-48115
- Reference to the description:
- Description:
- SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request.
- Last updated date:
- 01/04/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/04/2024
- Reference url to background
https://co3us.gitbook.io/write-ups/stored-dom-xss-in-email-body-of-smartermail