SmarterTools SmarterMail Cross-Site Scripting Vulnerability

SmarterMail versions 1.61 and prior have been reported to be prone to a cross-site scripting vulnerability.

The issue presents itself due to insufficient sanitization of user-supplied data when using the spell check function. This could allow for execution of hostile HTML and script code in the web client of a user who visits a vulnerable web page. This would occur in the security context of the site hosting the software.


 

Copyright 2010, SecurityFocus