GCVE - cpe:2.3:a:openfind:mail2000_v7.0:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:openfind:mail2000_v7.0:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Openfind (`41501875-adde-50fc-8541-bb1992faec97`)
Product	Mail2000 V7.0 (`3db546a4-3a44-52cb-a978-7973100593ed`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-6741`	vulnerable	2026-06-08 06:58:20.287728	Openfind Mail2000 - HttpOnly flag bypass MEDIUM (5.8) Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled. Published: 2024-07-15T08:26:32.252Z Updated: 2024-08-01T21:41:04.558Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-7940-0177a-1.html https://www.twcert.org.tw/en/cp-139-7941-b66e7-2.html https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-6740`	vulnerable	2026-06-08 06:58:20.284113	Openfind Mail2000 - Stored XSS MEDIUM (6.1) Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks. Published: 2024-07-15T08:00:31.584Z Updated: 2024-08-01T21:41:04.575Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-7938-d9c97-1.html https://www.twcert.org.tw/en/cp-139-7939-3423f-2.html https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-5399`	vulnerable	2026-06-08 06:56:15.795886	Openfind Mail2000 - OS Command Injection HIGH (7.2) Openfind Mail2000 does not properly filter parameters of specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote server. Published: 2024-05-27T03:32:29.744Z Updated: 2024-08-01T21:11:12.667Z Open on db.gcve.eu Reference links https://www.twcert.org.tw/tw/cp-132-7817-6ce29-1.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.