Lucene search
K
OpenfindMail2000

11 matches found

CVE
CVE
added 2019/11/20 4:16 a.m.107 views

CVE-2019-15072

The CVE-2019-15072 issue affects Openfind MAIL2000 Webmail: login functionality at /cgi-bin/portal for MAIL2000 versions up to 6.0 and 7.0. The vulnerability is Cross-Site Scripting (XSS) caused by lack of proper validation of client data in the WEB application, enabling an attacker to execute ar...

6.1CVSS6.2AI score0.01516EPSS
Web
CVE
CVE
added 2024/05/27 3:32 a.m.106 views

CVE-2024-5399

Openfind Mail2000 is affected by an OS command injection vulnerability (CVE-2024-5399) stemming from improper filtering of parameters in a specific API. The flaw allows remote attackers with administrative privileges to execute arbitrary system commands on the remote server. The issue is reported...

7.2CVSS7.4AI score0.00562EPSS
CVE
CVE
added 2019/11/20 4:16 a.m.93 views

CVE-2019-15073

Openfind Mail2000 Webmail Open Redirect (CVE-2019-15073). Affected: Mail2000 Webmail versions 6.0 and 7.0. Component: CGI endpoint /cgi-bin/go. Root cause: input validation error enabling an open redirect without authentication. Impact: vulnerable to redirection to attacker-controlled malicious s...

6.1CVSS6.2AI score0.01126EPSS
CVE
CVE
added 2019/11/20 4:6 a.m.88 views

CVE-2019-15071

CVE-2019-15071 affects Openfind MAIL2000 Webmail, specifically the /cgi-bin/go page in versions 6.0 and earlier and 7.0 and earlier. The root cause is a lack of proper validation of client-side data by the web application, enabling a pre-auth XSS via the ACTION parameter that can run arbitrary co...

6.1CVSS6.2AI score0.01628EPSS
Web
CVE
CVE
added 2023/03/27 12:0 a.m.79 views

CVE-2023-22902

Openfind Mail2000 is affected by a Cross-Site Scripting (XSS) vulnerability arising from insufficient input filtering in the file upload function. The issue allows an authenticated remote attacker with general user privileges to inject JavaScript, as described in CVE-2023-22902 across multiple so...

5.4CVSS5.3AI score0.00429EPSS
CVE
CVE
added 2024/07/15 8:26 a.m.79 views

CVE-2024-6741

Summary: Multiple sources describe a vulnerability in Openfind Mail2000 where the HttpOnly flag can be bypassed, enabling unauthenticated remote attackers to obtain the session cookie via crafted JavaScript. Affected product: Openfind Mail2000 (email web system). Technical details: Bypass of Http...

5.8CVSS5.5AI score0.00644EPSS
CVE
CVE
added 2019/06/19 5:2 p.m.78 views

CVE-2019-9763

Openfind Mail2000 Webmail (versions 6.0 and 7.0) is affected by a Cross‑Site Scripting vulnerability. The root cause is insufficient validation of client data in Webmail, enabling XSS via an email containing the substring <object data="data:text/html. The vendor subsequently patched this. CVSS...

6.1CVSS6AI score0.01214EPSS
CVE
CVE
added 2024/05/27 5:36 a.m.75 views

CVE-2024-5400

CVE-2024-5400 affects Openfind Mail2000, where a CGI parameter handling vulnerability enables OS command injection. Multiple sources describe that remote attackers with regular privileges can exploit improper filtering of specific CGI parameters to execute arbitrary system commands on the remote ...

8.8CVSS9.1AI score0.00578EPSS
CVE
CVE
added 2023/06/02 12:0 a.m.64 views

CVE-2023-28705

Openfind Mail2000 is affected by a reflected XSS vulnerability caused by insufficient filtering of special characters in email content (content filtering function). A remote attacker can craft phishing emails with malicious JavaScript; when a user opens the email, the attacker can trigger XSS in ...

6.1CVSS5.7AI score0.00429EPSS
CVE
CVE
added 2024/07/15 8:0 a.m.64 views

CVE-2024-6740

Openfind Mail2000 is affected by a Stored XSS vulnerability arising from improper validation of email attachments. An unauthenticated remote attacker can inject JavaScript into an attachment, with the attack executed when the attachment is viewed (stored XSS). Affected product: Openfind Mail2000....

6.1CVSS6.3AI score0.00502EPSS
CVE
CVE
added 2020/09/01 8:10 a.m.40 views

CVE-2020-12776

CVE-2020-12776 affects Openfind Mail2000 and is described as a Broken Access Control vulnerability that can enable unauthorized command execution after an attacker obtains an administrator access token or cookie. The available documents provide a high-severity impact (CVE is associated with high ...

9CVSS6.9AI score0.00833EPSS