Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Feb 22

SEC Consult Vulnerability Lab Security Advisory < 20260218-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: NesterSoft WorkTime (on-prem/cloud)
vulnerable version: <= 11.8.8
fixed version: No patch available, vendor unresponsive.
CVE number: CVE-2025-15563, CVE-2025-15562, CVE-2025-15561...

Posted by Egidio Romano on Feb 22

----------------------------------------------------------------------------
SmarterMail <= 9518 (MailboxId) Reflected Cross-Site Scripting Vulnerability
----------------------------------------------------------------------------

[-] Software Link:

https://www.smartertools.com/smartermail/business-email-server

[-] Affected Versions:

Build 9518 and prior builds.

[-] Vulnerability Description:

User input passed through the...