CVE-2023-28705

Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it triggers an XSS (Reflected Cross-site scripting) attack.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-7158-751a6-1.html Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:openfind:mail2000:*:*:*:*:*:*:*:*

History

09 Jun 2023, 18:14

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.4
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:openfind:mail2000:*:*:*:*:*:*:*:*
References (MISC) https://www.twcert.org.tw/tw/cp-132-7158-751a6-1.html - (MISC) https://www.twcert.org.tw/tw/cp-132-7158-751a6-1.html - Third Party Advisory

02 Jun 2023, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-02 11:15

Updated : 2024-02-04 23:37


NVD link : CVE-2023-28705

Mitre link : CVE-2023-28705

CVE.ORG link : CVE-2023-28705


JSON object : View

Products Affected

openfind

  • mail2000
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')