CVE-2012-2578

SmarterMail 9.2 - Cross-Site Scripting via Email Message Body

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2578. PoCs published by loneferret.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in SmarterMail Free 9.2 by sending an email with a malicious payload. The payload is executed when the victim views the email in a vulnerable client.

Description

Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document.

Exploits (1)

exploitdb WORKING POC VERIFIED
by loneferret · python · webapps · windows
https://www.exploit-db.com/exploits/20362

Classification: Working PoC 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: SmarterMail Free 9.2
Auth required
Prerequisites: Valid credentials for the SmarterMail server · SMTP access to the target server
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/20362/

Scores

EPSS 0.0247
EPSS Percentile 82.4%

Details

CWE: CWE-79
Status: published
Products (1): smartertools/smartermail 9.2
Published: Sep 19, 2012
Tracked Since: Feb 18, 2026