1.1. http://vulnerable.smartermail.8.0.4086.25048.host:9998/Logout.aspx [STTTState cookie]
1.2. http://vulnerable.smartermail.8.0.4086.25048.host:9998/Main/frmTask.aspx [user parameter]
2. Cross-site scripting (stored) - CWE-79
Version identification: SmarterMail 8.0.4086.25048, installer smartermail8_setup.exe with MD5 checksum a89fc0a43578aa9f66463d97b1caaf15.
HTTP request/response pair and alert popup with the SmarterMail version ID in the ctl00%24MPH%24wucContactInfo%24txtEmailAddress_SettingText parameter.
This input was returned unmodified in a subsequent request for the URL /Main/frmPopupContactsList.aspx.