11 matches found
CVE-2019-15072
The CVE-2019-15072 issue affects Openfind MAIL2000 Webmail: login functionality at /cgi-bin/portal for MAIL2000 versions up to 6.0 and 7.0. The vulnerability is Cross-Site Scripting (XSS) caused by lack of proper validation of client data in the WEB application, enabling an attacker to execute ar...
CVE-2024-5399
Openfind Mail2000 is affected by an OS command injection vulnerability (CVE-2024-5399) stemming from improper filtering of parameters in a specific API. The flaw allows remote attackers with administrative privileges to execute arbitrary system commands on the remote server. The issue is reported...
CVE-2019-15073
Openfind Mail2000 Webmail Open Redirect (CVE-2019-15073). Affected: Mail2000 Webmail versions 6.0 and 7.0. Component: CGI endpoint /cgi-bin/go. Root cause: input validation error enabling an open redirect without authentication. Impact: vulnerable to redirection to attacker-controlled malicious s...
CVE-2019-15071
CVE-2019-15071 affects Openfind MAIL2000 Webmail, specifically the /cgi-bin/go page in versions 6.0 and earlier and 7.0 and earlier. The root cause is a lack of proper validation of client-side data by the web application, enabling a pre-auth XSS via the ACTION parameter that can run arbitrary co...
CVE-2023-22902
Openfind Mail2000 is affected by a Cross-Site Scripting (XSS) vulnerability arising from insufficient input filtering in the file upload function. The issue allows an authenticated remote attacker with general user privileges to inject JavaScript, as described in CVE-2023-22902 across multiple so...
CVE-2024-6741
Summary: Multiple sources describe a vulnerability in Openfind Mail2000 where the HttpOnly flag can be bypassed, enabling unauthenticated remote attackers to obtain the session cookie via crafted JavaScript. Affected product: Openfind Mail2000 (email web system). Technical details: Bypass of Http...
CVE-2019-9763
Openfind Mail2000 Webmail (versions 6.0 and 7.0) is affected by a Cross‑Site Scripting vulnerability. The root cause is insufficient validation of client data in Webmail, enabling XSS via an email containing the substring <object data="data:text/html. The vendor subsequently patched this. CVSS...
CVE-2024-5400
CVE-2024-5400 affects Openfind Mail2000, where a CGI parameter handling vulnerability enables OS command injection. Multiple sources describe that remote attackers with regular privileges can exploit improper filtering of specific CGI parameters to execute arbitrary system commands on the remote ...
CVE-2023-28705
Openfind Mail2000 is affected by a reflected XSS vulnerability caused by insufficient filtering of special characters in email content (content filtering function). A remote attacker can craft phishing emails with malicious JavaScript; when a user opens the email, the attacker can trigger XSS in ...
CVE-2024-6740
Openfind Mail2000 is affected by a Stored XSS vulnerability arising from improper validation of email attachments. An unauthenticated remote attacker can inject JavaScript into an attachment, with the attack executed when the attachment is viewed (stored XSS). Affected product: Openfind Mail2000....
CVE-2020-12776
CVE-2020-12776 affects Openfind Mail2000 and is described as a Broken Access Control vulnerability that can enable unauthorized command execution after an attacker obtains an administrator access token or cookie. The available documents provide a high-severity impact (CVE is associated with high ...