95 matches found
CVE-2024-6741
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled...
CVE-2024-6741
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled...
CVE-2024-6741
Summary: Multiple sources describe a vulnerability in Openfind Mail2000 where the HttpOnly flag can be bypassed, enabling unauthenticated remote attackers to obtain the session cookie via crafted JavaScript. Affected product: Openfind Mail2000 (email web system). Technical details: Bypass of Http...
CVE-2024-6741 Openfind Mail2000 - HttpOnly flag bypass
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled...
CVE-2024-6741 Openfind Mail2000 - HttpOnly flag bypass
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled...
CVE-2024-6740
Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks...
CVE-2024-6740
Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks...
CVE-2024-6740
Openfind Mail2000 is affected by a Stored XSS vulnerability arising from improper validation of email attachments. An unauthenticated remote attacker can inject JavaScript into an attachment, with the attack executed when the attachment is viewed (stored XSS). Affected product: Openfind Mail2000....
CVE-2024-6740 Openfind Mail2000 - Stored XSS
Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks...
CVE-2024-6740 Openfind Mail2000 - Stored XSS
Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks...
CVE-2024-6739
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS...
CVE-2024-6739 Openfind MailGates and MailAudit - Sensitive Cookie Without 'HttpOnly' Flag
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS...
CVE-2024-6739 Openfind MailGates and MailAudit - Sensitive Cookie Without 'HttpOnly' Flag
The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS...
CVE-2024-6739
CVE-2024-6739 affects Openfind MailGates and MailAudit. The root cause is a session cookie without the HttpOnly flag, enabling potential cookie theft via XSS. Public details indicate affected versions include Openfind MailGates < 6.1.7.040 and MailAudit
Openfind MailGates and Openfind MailAudit Security Vulnerabilities
Openfind MailGates and Openfind MailAudit are both products of China's Openfind Corporation.Openfind MailGates is an email security system. Openfind MailGates is an email security system that supports email filtering and APT attack defense, etc. Openfind MailAudit is a software for enterprise ema...
Openfind Mail2000 Security Vulnerability
Openfind Mail2000 is a web-based email system from China Netrock Information Openfind. A security vulnerability exists in Openfind Mail2000 that originates from allowing bypassing the HttpOnly flag, which allows an unauthenticated, remote attacker to obtain a session cookie with the HttpOnly flag...
PT-2024-37836 · Openfind · Openfind Mail2000
Name of the Vulnerable Software and Affected Versions: Openfind Mail2000 affected versions not specified Description: The issue allows unauthenticated remote attackers to inject JavaScript code within email attachments, resulting in Stored Cross-site scripting attacks, due to improper validation ...
Openfind Mail2000 Cross-Site Scripting Vulnerability
Openfind Mail2000 is a Web-based email system from China's Openfind. A cross-site scripting vulnerability exists in Openfind Mail2000, which originates from not properly validating email attachments, allowing an unauthenticated, remote attacker to inject JavaScript code into the attachments and...
PT-2024-37837 · Openfind · Openfind Mail2000
Name of the Vulnerable Software and Affected Versions: Openfind Mail2000 affected versions not specified Description: The issue allows unauthenticated remote attackers to bypass the HttpOnly flag. Attackers can exploit this using specific JavaScript code to obtain the session cookie with the...
PT-2024-37835 · Openfind · Openfind Mailgates +1
Name of the Vulnerable Software and Affected Versions: Openfind MailGates and MailAudit affected versions not specified Description: The issue concerns the session cookie in MailGates and MailAudit, which does not have the HttpOnly flag enabled. This allows remote attackers to potentially steal t...