The content filtering function of Openfind Mail2000 does not sufficiently filter special characters in email content. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When a user accesses the system and opens the email, it triggers an XSS (reflected cross-site scripting) attack.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-7158-751a6-1.html | Third Party Advisory |
Configurations
History
09 Jun 2023, 18:14
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown; v3 : 6.1 |
CPE | cpe:2.3:a:openfind:mail2000:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.twcert.org.tw/tw/cp-132-7158-751a6-1.html - Third Party Advisory |
02 Jun 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-02 11:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-28705
Mitre link : CVE-2023-28705
CVE.ORG link : CVE-2023-28705
Products Affected
openfind
- mail2000
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')