Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for SmarterTrack by SmarterTools
CVE-2020-36926 (GCVE-0-2020-36926)
Vulnerability from nvd – Published: 2026-01-15 23:25 – Updated: 2026-04-07 14:05
VLAI?
Title
SmarterTools SmarterTrack 7922 -Information Disclosure
Summary
SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers.
Severity ?
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Smartertools | SmarterTools SmarterTrack |
Affected:
10.0
Affected: 14.0 |
Date Public ?
2021-09-24 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36926",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T16:30:42.235818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T16:30:59.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50328"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SmarterTools SmarterTrack",
"vendor": "Smartertools",
"versions": [
{
"status": "affected",
"version": "10.0"
},
{
"status": "affected",
"version": "14.0"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:smartertools:smartermail:10.x:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrei Manole"
}
],
"datePublic": "2021-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents\u0027 first and last names along with their unique identifiers."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:05:01.488Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50328",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50328"
},
{
"name": "SmarterTools Official Homepage",
"tags": [
"product"
],
"url": "https://www.smartertools.com/"
},
{
"name": "SmarterTrack Product Page",
"tags": [
"product"
],
"url": "https://www.smartertools.com/smartertrack"
},
{
"name": "VulnCheck Advisory: SmarterTools SmarterTrack 7922 -Information Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/smartertools-smartertrack-information-disclosure"
}
],
"title": "SmarterTools SmarterTrack 7922 -Information Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36926",
"datePublished": "2026-01-15T23:25:33.221Z",
"dateReserved": "2026-01-10T13:50:35.693Z",
"dateUpdated": "2026-04-07T14:05:01.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-24387 (GCVE-0-2022-24387)
Vulnerability from nvd – Published: 2022-03-14 12:15 – Updated: 2025-03-11 13:39
VLAI?
Title
File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010
Summary
With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010
Severity ?
9.1 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SmarterTools | SmarterTrack |
Affected:
100.0.8019.x , < Build 8075
(custom)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:smartertools:smartertrack:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartertrack",
"vendor": "smartertools",
"versions": [
{
"lessThan": "Build_8075",
"status": "affected",
"version": "100.0.8019.x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T15:40:24.373881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:53.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory",
"x_transferred"
],
"url": "https://csrit.divd.nl/CVE-2022-24387"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmarterTrack",
"vendor": "SmarterTools",
"versions": [
{
"lessThan": "Build 8075",
"status": "affected",
"version": "100.0.8019.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Finn van der Knaap (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
}
],
"descriptions": [
{
"lang": "en",
"value": "With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T13:39:25.911Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2022-24387/"
}
],
"source": {
"advisory": "DIVD-2021-00029",
"discovery": "INTERNAL"
},
"title": "File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2022-24387",
"datePublished": "2022-03-14T12:15:59.000Z",
"dateReserved": "2022-02-03T00:00:00.000Z",
"dateUpdated": "2025-03-11T13:39:25.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24386 (GCVE-0-2022-24386)
Vulnerability from nvd – Published: 2022-03-14 00:00 – Updated: 2025-03-11 13:40
VLAI?
Title
Stored XSS in SmarterTrack v100.0.8019.14010
Summary
Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
Severity ?
8.8 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SmarterTools | SmarterTrack |
Affected:
100.x , < Build 8075
(custom)
|
Date Public ?
2022-03-11 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2022-24386"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmarterTrack",
"vendor": "SmarterTools",
"versions": [
{
"lessThan": "Build 8075",
"status": "affected",
"version": "100.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Finn van der Knaap (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
}
],
"datePublic": "2022-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T13:40:43.047Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2022-24386"
}
],
"source": {
"advisory": "DIVD-2021-00029",
"discovery": "INTERNAL"
},
"title": "Stored XSS in SmarterTrack v100.0.8019.14010",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2022-24386",
"datePublished": "2022-03-14T00:00:00.000Z",
"dateReserved": "2022-02-03T00:00:00.000Z",
"dateUpdated": "2025-03-11T13:40:43.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24385 (GCVE-0-2022-24385)
Vulnerability from nvd – Published: 2022-03-14 00:00 – Updated: 2025-03-11 13:40
VLAI?
Title
Information disclosure via direct object access on SmarterTrack v100.0.8019.14010
Summary
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
Severity ?
6.5 (Medium)
CWE
- CWE-425 - Direct Request (Forced Browsing)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SmarterTools | SmarterTrack |
Affected:
100.x , < Build 8075
(custom)
|
Date Public ?
2022-03-11 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T14:13:03.172916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:56.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2022-24385"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmarterTrack",
"vendor": "SmarterTools",
"versions": [
{
"lessThan": "Build 8075",
"status": "affected",
"version": "100.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Finn van der Knaap (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
}
],
"datePublic": "2022-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request (Forced Browsing)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T13:40:44.472Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2022-24385"
}
],
"source": {
"advisory": "DIVD-2021-00029",
"discovery": "INTERNAL"
},
"title": "Information disclosure via direct object access on SmarterTrack v100.0.8019.14010",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2022-24385",
"datePublished": "2022-03-14T00:00:00.000Z",
"dateReserved": "2022-02-03T00:00:00.000Z",
"dateUpdated": "2025-03-11T13:40:44.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24384 (GCVE-0-2022-24384)
Vulnerability from nvd – Published: 2022-03-14 00:00 – Updated: 2025-03-11 13:40
VLAI?
Title
Reflective XSS on SmarterTrack v100.0.8019.14010
Summary
Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
Severity ?
8.8 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SmarterTools | SmarterTrack |
Affected:
100.x , < Build 8075
(custom)
|
Date Public ?
2022-03-10 23:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:smartertools:smartertrack:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartertrack",
"vendor": "smartertools",
"versions": [
{
"lessThan": "100.0.8075",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T15:43:20.098345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:57.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2022-24384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmarterTrack",
"vendor": "SmarterTools",
"versions": [
{
"lessThan": "Build 8075",
"status": "affected",
"version": "100.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Finn van der Knaap (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
}
],
"datePublic": "2022-03-10T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.\u003c/p\u003e"
}
],
"value": "Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T13:40:41.607Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2022-24384"
}
],
"source": {
"advisory": "DIVD-2021-00029",
"discovery": "INTERNAL"
},
"title": "Reflective XSS on SmarterTrack v100.0.8019.14010",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2022-24384",
"datePublished": "2022-03-14T00:00:00.000Z",
"dateReserved": "2022-02-03T00:00:00.000Z",
"dateUpdated": "2025-03-11T13:40:41.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4995 (GCVE-0-2009-4995)
Vulnerability from nvd – Published: 2010-08-25 19:00 – Updated: 2024-09-16 22:52
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-08-25T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4995",
"datePublished": "2010-08-25T19:00:00.000Z",
"dateReserved": "2010-08-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:52:08.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4994 (GCVE-0-2009-4994)
Vulnerability from nvd – Published: 2010-08-25 19:00 – Updated: 2024-09-16 23:25
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://holisticinfosec.org/content/view/123/45/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.smartertools.com/SmarterTrack/ReleaseNotes.aspx"
},
{
"name": "36172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-08-25T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://holisticinfosec.org/content/view/123/45/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.smartertools.com/SmarterTrack/ReleaseNotes.aspx"
},
{
"name": "36172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://holisticinfosec.org/content/view/123/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/123/45/"
},
{
"name": "http://www.smartertools.com/SmarterTrack/ReleaseNotes.aspx",
"refsource": "CONFIRM",
"url": "http://www.smartertools.com/SmarterTrack/ReleaseNotes.aspx"
},
{
"name": "36172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4994",
"datePublished": "2010-08-25T19:00:00.000Z",
"dateReserved": "2010-08-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:25:29.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36926 (GCVE-0-2020-36926)
Vulnerability from cvelistv5 – Published: 2026-01-15 23:25 – Updated: 2026-04-07 14:05
VLAI?
Title
SmarterTools SmarterTrack 7922 -Information Disclosure
Summary
SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers.
Severity ?
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Smartertools | SmarterTools SmarterTrack |
Affected:
10.0
Affected: 14.0 |
Date Public ?
2021-09-24 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36926",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T16:30:42.235818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T16:30:59.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50328"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SmarterTools SmarterTrack",
"vendor": "Smartertools",
"versions": [
{
"status": "affected",
"version": "10.0"
},
{
"status": "affected",
"version": "14.0"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:smartertools:smartermail:10.x:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrei Manole"
}
],
"datePublic": "2021-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents\u0027 first and last names along with their unique identifiers."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:05:01.488Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50328",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50328"
},
{
"name": "SmarterTools Official Homepage",
"tags": [
"product"
],
"url": "https://www.smartertools.com/"
},
{
"name": "SmarterTrack Product Page",
"tags": [
"product"
],
"url": "https://www.smartertools.com/smartertrack"
},
{
"name": "VulnCheck Advisory: SmarterTools SmarterTrack 7922 -Information Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/smartertools-smartertrack-information-disclosure"
}
],
"title": "SmarterTools SmarterTrack 7922 -Information Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36926",
"datePublished": "2026-01-15T23:25:33.221Z",
"dateReserved": "2026-01-10T13:50:35.693Z",
"dateUpdated": "2026-04-07T14:05:01.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-24387 (GCVE-0-2022-24387)
Vulnerability from cvelistv5 – Published: 2022-03-14 12:15 – Updated: 2025-03-11 13:39
VLAI?
Title
File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010
Summary
With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010
Severity ?
9.1 (Critical)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SmarterTools | SmarterTrack |
Affected:
100.0.8019.x , < Build 8075
(custom)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:smartertools:smartertrack:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartertrack",
"vendor": "smartertools",
"versions": [
{
"lessThan": "Build_8075",
"status": "affected",
"version": "100.0.8019.x",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T15:40:24.373881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:53.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory",
"x_transferred"
],
"url": "https://csrit.divd.nl/CVE-2022-24387"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmarterTrack",
"vendor": "SmarterTools",
"versions": [
{
"lessThan": "Build 8075",
"status": "affected",
"version": "100.0.8019.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Finn van der Knaap (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
}
],
"descriptions": [
{
"lang": "en",
"value": "With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. THis is possible in SmarterTrack v100.0.8019.14010"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T13:39:25.911Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2022-24387/"
}
],
"source": {
"advisory": "DIVD-2021-00029",
"discovery": "INTERNAL"
},
"title": "File upload and overwrite to app_data/Config in SmarterTrack v100.0.8019.14010",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2022-24387",
"datePublished": "2022-03-14T12:15:59.000Z",
"dateReserved": "2022-02-03T00:00:00.000Z",
"dateUpdated": "2025-03-11T13:39:25.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24386 (GCVE-0-2022-24386)
Vulnerability from cvelistv5 – Published: 2022-03-14 00:00 – Updated: 2025-03-11 13:40
VLAI?
Title
Stored XSS in SmarterTrack v100.0.8019.14010
Summary
Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
Severity ?
8.8 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SmarterTools | SmarterTrack |
Affected:
100.x , < Build 8075
(custom)
|
Date Public ?
2022-03-11 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2022-24386"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmarterTrack",
"vendor": "SmarterTools",
"versions": [
{
"lessThan": "Build 8075",
"status": "affected",
"version": "100.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Finn van der Knaap (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
}
],
"datePublic": "2022-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T13:40:43.047Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2022-24386"
}
],
"source": {
"advisory": "DIVD-2021-00029",
"discovery": "INTERNAL"
},
"title": "Stored XSS in SmarterTrack v100.0.8019.14010",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2022-24386",
"datePublished": "2022-03-14T00:00:00.000Z",
"dateReserved": "2022-02-03T00:00:00.000Z",
"dateUpdated": "2025-03-11T13:40:43.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24385 (GCVE-0-2022-24385)
Vulnerability from cvelistv5 – Published: 2022-03-14 00:00 – Updated: 2025-03-11 13:40
VLAI?
Title
Information disclosure via direct object access on SmarterTrack v100.0.8019.14010
Summary
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
Severity ?
6.5 (Medium)
CWE
- CWE-425 - Direct Request (Forced Browsing)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SmarterTools | SmarterTrack |
Affected:
100.x , < Build 8075
(custom)
|
Date Public ?
2022-03-11 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T14:13:03.172916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:56.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2022-24385"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmarterTrack",
"vendor": "SmarterTools",
"versions": [
{
"lessThan": "Build 8075",
"status": "affected",
"version": "100.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Finn van der Knaap (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
}
],
"datePublic": "2022-03-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-425",
"description": "CWE-425 Direct Request (Forced Browsing)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T13:40:44.472Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2022-24385"
}
],
"source": {
"advisory": "DIVD-2021-00029",
"discovery": "INTERNAL"
},
"title": "Information disclosure via direct object access on SmarterTrack v100.0.8019.14010",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2022-24385",
"datePublished": "2022-03-14T00:00:00.000Z",
"dateReserved": "2022-02-03T00:00:00.000Z",
"dateUpdated": "2025-03-11T13:40:44.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24384 (GCVE-0-2022-24384)
Vulnerability from cvelistv5 – Published: 2022-03-14 00:00 – Updated: 2025-03-11 13:40
VLAI?
Title
Reflective XSS on SmarterTrack v100.0.8019.14010
Summary
Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
Severity ?
8.8 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SmarterTools | SmarterTrack |
Affected:
100.x , < Build 8075
(custom)
|
Date Public ?
2022-03-10 23:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:smartertools:smartertrack:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartertrack",
"vendor": "smartertools",
"versions": [
{
"lessThan": "100.0.8075",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T15:43:20.098345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:57.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related",
"x_transferred"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2022-24384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmarterTrack",
"vendor": "SmarterTools",
"versions": [
{
"lessThan": "Build 8075",
"status": "affected",
"version": "100.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Finn van der Knaap (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
}
],
"datePublic": "2022-03-10T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.\u003c/p\u003e"
}
],
"value": "Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T13:40:41.607Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"related"
],
"url": "https://csirt.divd.nl/DIVD-2021-00029"
},
{
"tags": [
"x_refsource_CONFIRM",
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2022-24384"
}
],
"source": {
"advisory": "DIVD-2021-00029",
"discovery": "INTERNAL"
},
"title": "Reflective XSS on SmarterTrack v100.0.8019.14010",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2022-24384",
"datePublished": "2022-03-14T00:00:00.000Z",
"dateReserved": "2022-02-03T00:00:00.000Z",
"dateUpdated": "2025-03-11T13:40:41.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4995 (GCVE-0-2009-4995)
Vulnerability from cvelistv5 – Published: 2010-08-25 19:00 – Updated: 2024-09-16 22:52
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-08-25T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4995",
"datePublished": "2010-08-25T19:00:00.000Z",
"dateReserved": "2010-08-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:52:08.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4994 (GCVE-0-2009-4994)
Vulnerability from cvelistv5 – Published: 2010-08-25 19:00 – Updated: 2024-09-16 23:25
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:53.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://holisticinfosec.org/content/view/123/45/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.smartertools.com/SmarterTrack/ReleaseNotes.aspx"
},
{
"name": "36172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-08-25T19:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://holisticinfosec.org/content/view/123/45/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.smartertools.com/SmarterTrack/ReleaseNotes.aspx"
},
{
"name": "36172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://holisticinfosec.org/content/view/123/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/123/45/"
},
{
"name": "http://www.smartertools.com/SmarterTrack/ReleaseNotes.aspx",
"refsource": "CONFIRM",
"url": "http://www.smartertools.com/SmarterTrack/ReleaseNotes.aspx"
},
{
"name": "36172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4994",
"datePublished": "2010-08-25T19:00:00.000Z",
"dateReserved": "2010-08-25T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:25:29.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}