Openfind Mail2000 7.0
Approved changes feed: RSS · Atom
cpe:2.3:a:openfind:mail2000:7.0:*:*:*:*:*:*:*
part: a version: 7.0 update: *
| Vendor | Openfind (41501875-adde-50fc-8541-bb1992faec97) |
|---|---|
| Product | Mail2000 (a3a019cc-8a31-5e9f-a59d-d4604dbb97e7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-6741 |
vulnerable | 2026-06-08 06:58:20.287600 |
Openfind Mail2000 - HttpOnly flag bypass
MEDIUM (5.8)
Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.
Published: 2024-07-15T08:26:32.252Z
Updated: 2024-08-01T21:41:04.558Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-6740 |
vulnerable | 2026-06-08 06:58:20.285988 |
Openfind Mail2000 - Stored XSS
MEDIUM (6.1)
Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks.
Published: 2024-07-15T08:00:31.584Z
Updated: 2024-08-01T21:41:04.575Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-5400 |
vulnerable | 2026-06-08 06:56:15.801840 |
Openfind Mail2000 - OS Command Injection
HIGH (8.8)
Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular privileges can exploit this vulnerability to execute arbitrary system commands on the remote server.
Published: 2024-05-27T05:36:44.672Z
Updated: 2024-08-01T21:11:12.528Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-5399 |
vulnerable | 2026-06-08 06:56:15.797784 |
Openfind Mail2000 - OS Command Injection
HIGH (7.2)
Openfind Mail2000 does not properly filter parameters of specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote server.
Published: 2024-05-27T03:32:29.744Z
Updated: 2024-08-01T21:11:12.667Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-22902 |
vulnerable | 2026-06-08 05:54:27.332372 |
Openfind Mail2000 - XSS
MEDIUM (5.4)
Openfind Mail2000 file uploading function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject JavaScript, conducting an XSS attack.
Published: 2023-03-27T00:00:00.000Z
Updated: 2025-02-19T16:28:31.236Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-12776 |
vulnerable | 2026-06-08 05:17:59.111784 |
Openfind Mail2000 - Broken Access Control
MEDIUM (6.6)
Openfind Mail2000 contains Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie.
Published: 2020-09-01T08:10:17.915Z
Updated: 2024-09-17T04:14:37.526Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.