GCVE - cpe:2.3:a:openfind:mail2000:8.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:openfind:mail2000:8.0:*:*:*:*:*:*:*

part: a version: 8.0 update: *

Vendor	Openfind (`41501875-adde-50fc-8541-bb1992faec97`)
Product	Mail2000 (`a3a019cc-8a31-5e9f-a59d-d4604dbb97e7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-6741`	vulnerable	2026-06-08 06:58:20.287696	Openfind Mail2000 - HttpOnly flag bypass MEDIUM (5.8) Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled. Published: 2024-07-15T08:26:32.252Z Updated: 2024-08-01T21:41:04.558Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-6740`	vulnerable	2026-06-08 06:58:20.286912	Openfind Mail2000 - Stored XSS MEDIUM (6.1) Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks. Published: 2024-07-15T08:00:31.584Z Updated: 2024-08-01T21:41:04.575Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-7938-d9c97-1.html https://www.twcert.org.tw/en/cp-139-7939-3423f-2.html https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-5400`	vulnerable	2026-06-08 06:56:15.799731	Openfind Mail2000 - OS Command Injection HIGH (8.8) Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular privileges can exploit this vulnerability to execute arbitrary system commands on the remote server. Published: 2024-05-27T05:36:44.672Z Updated: 2024-08-01T21:11:12.528Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-7819-9661a-1.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-5399`	vulnerable	2026-06-08 06:56:15.799159	Openfind Mail2000 - OS Command Injection HIGH (7.2) Openfind Mail2000 does not properly filter parameters of specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote server. Published: 2024-05-27T03:32:29.744Z Updated: 2024-08-01T21:11:12.667Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-7817-6ce29-1.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-22902`	vulnerable	2026-06-08 05:54:27.333006	Openfind Mail2000 - XSS MEDIUM (5.4) Openfind Mail2000 file uploading function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject JavaScript, conducting an XSS attack. Published: 2023-03-27T00:00:00.000Z Updated: 2025-02-19T16:28:31.236Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-6953-79236-1.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.