SmarterTools released to address this. The fix involved:
While not a household name like Log4j or Heartbleed, the issue referenced by the internal tracking number (often associated with a Cross-Site Scripting (XSS) vulnerability in versions prior to SmarterMail 16.x) represents a critical class of attack that could compromise entire mail servers. smartermail 6919 exploit
The exploitation of CVE-2024-6919 has severe consequences for organizations: SmarterTools released to address this