Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks.
References
Link | Resource |
---|---|
https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf | Exploit |
https://www.twcert.org.tw/en/cp-139-7939-3423f-2.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-7938-d9c97-1.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
16 Jul 2024, 18:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:openfind:mail2000:7.0:*:*:*:*:*:*:* cpe:2.3:a:openfind:mail2000:8.0:*:*:*:*:*:*:* |
|
References | () https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf - Exploit | |
References | () https://www.twcert.org.tw/en/cp-139-7939-3423f-2.html - Third Party Advisory | |
References | () https://www.twcert.org.tw/tw/cp-132-7938-d9c97-1.html - Third Party Advisory | |
Summary |
|
|
First Time |
Openfind
Openfind mail2000 |
15 Jul 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-15 08:15
Updated : 2024-07-16 18:04
NVD link : CVE-2024-6740
Mitre link : CVE-2024-6740
CVE.ORG link : CVE-2024-6740
JSON object : View
Products Affected
openfind
- mail2000
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')