Lucene search
K

95 matches found

NVD
NVD
added 2024/07/15 9:15 a.m.36 views

CVE-2024-6741

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled...

5.8CVSS0.00644EPSS
Exploits1References3
OSV
OSV
added 2024/07/15 9:15 a.m.5 views

CVE-2024-6741

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled...

5.3CVSS5.9AI score0.00644EPSS
Exploits1References3
CVE
CVE
added 2024/07/15 8:26 a.m.79 views

CVE-2024-6741

Summary: Multiple sources describe a vulnerability in Openfind Mail2000 where the HttpOnly flag can be bypassed, enabling unauthenticated remote attackers to obtain the session cookie via crafted JavaScript. Affected product: Openfind Mail2000 (email web system). Technical details: Bypass of Http...

5.8CVSS5.5AI score0.00644EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2024/07/15 8:26 a.m.31 views

CVE-2024-6741 Openfind Mail2000 - HttpOnly flag bypass

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled...

5.8CVSS0.00644EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/07/15 8:26 a.m.15 views

CVE-2024-6741 Openfind Mail2000 - HttpOnly flag bypass

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled...

5.8CVSS7AI score0.00644EPSS
Exploits1References3
NVD
NVD
added 2024/07/15 8:15 a.m.25 views

CVE-2024-6740

Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks...

6.1CVSS0.00502EPSS
Exploits1References3
OSV
OSV
added 2024/07/15 8:15 a.m.4 views

CVE-2024-6740

Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks...

6.1CVSS5.9AI score0.00502EPSS
Exploits1References3
CVE
CVE
added 2024/07/15 8:0 a.m.64 views

CVE-2024-6740

Openfind Mail2000 is affected by a Stored XSS vulnerability arising from improper validation of email attachments. An unauthenticated remote attacker can inject JavaScript into an attachment, with the attack executed when the attachment is viewed (stored XSS). Affected product: Openfind Mail2000....

6.1CVSS6.3AI score0.00502EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/15 8:0 a.m.33 views

CVE-2024-6740 Openfind Mail2000 - Stored XSS

Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks...

6.1CVSS6.7AI score0.00502EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/07/15 8:0 a.m.30 views

CVE-2024-6740 Openfind Mail2000 - Stored XSS

Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks...

6.1CVSS0.00502EPSS
Exploits1References3
OSV
OSV
added 2024/07/15 4:15 a.m.2 views

CVE-2024-6739

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS...

6.1CVSS5.8AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/07/15 3:15 a.m.17 views

CVE-2024-6739 Openfind MailGates and MailAudit - Sensitive Cookie Without 'HttpOnly' Flag

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS...

5.3CVSS7AI score0.00447EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/07/15 3:15 a.m.26 views

CVE-2024-6739 Openfind MailGates and MailAudit - Sensitive Cookie Without 'HttpOnly' Flag

The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS...

5.3CVSS0.00447EPSS
Exploits1References3
CVE
CVE
added 2024/07/15 3:15 a.m.58 views

CVE-2024-6739

CVE-2024-6739 affects Openfind MailGates and MailAudit. The root cause is a session cookie without the HttpOnly flag, enabling potential cookie theft via XSS. Public details indicate affected versions include Openfind MailGates < 6.1.7.040 and MailAudit

6.1CVSS5.5AI score0.00447EPSS
Exploits1References3Affected Software2
CNNVD
CNNVD
added 2024/07/15 12:0 a.m.3 views

Openfind MailGates and Openfind MailAudit Security Vulnerabilities

Openfind MailGates and Openfind MailAudit are both products of China's Openfind Corporation.Openfind MailGates is an email security system. Openfind MailGates is an email security system that supports email filtering and APT attack defense, etc. Openfind MailAudit is a software for enterprise ema...

6.1CVSS5.9AI score0.00447EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/07/15 12:0 a.m.9 views

Openfind Mail2000 Security Vulnerability

Openfind Mail2000 is a web-based email system from China Netrock Information Openfind. A security vulnerability exists in Openfind Mail2000 that originates from allowing bypassing the HttpOnly flag, which allows an unauthenticated, remote attacker to obtain a session cookie with the HttpOnly flag...

5.8CVSS6.7AI score0.00644EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/07/15 12:0 a.m.7 views

PT-2024-37836 · Openfind · Openfind Mail2000

Name of the Vulnerable Software and Affected Versions: Openfind Mail2000 affected versions not specified Description: The issue allows unauthenticated remote attackers to inject JavaScript code within email attachments, resulting in Stored Cross-site scripting attacks, due to improper validation ...

6.1CVSS6.7AI score0.00502EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/07/15 12:0 a.m.22 views

Openfind Mail2000 Cross-Site Scripting Vulnerability

Openfind Mail2000 is a Web-based email system from China's Openfind. A cross-site scripting vulnerability exists in Openfind Mail2000, which originates from not properly validating email attachments, allowing an unauthenticated, remote attacker to inject JavaScript code into the attachments and...

6.1CVSS6.2AI score0.00502EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/07/15 12:0 a.m.6 views

PT-2024-37837 · Openfind · Openfind Mail2000

Name of the Vulnerable Software and Affected Versions: Openfind Mail2000 affected versions not specified Description: The issue allows unauthenticated remote attackers to bypass the HttpOnly flag. Attackers can exploit this using specific JavaScript code to obtain the session cookie with the...

5.8CVSS7.3AI score0.00644EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/07/15 12:0 a.m.5 views

PT-2024-37835 · Openfind · Openfind Mailgates +1

Name of the Vulnerable Software and Affected Versions: Openfind MailGates and MailAudit affected versions not specified Description: The issue concerns the session cookie in MailGates and MailAudit, which does not have the HttpOnly flag enabled. This allows remote attackers to potentially steal t...

6.1CVSS7AI score0.00447EPSS
Exploits1References7
Rows per page
Query Builder