CVE-2023-28705

Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it triggers an XSS (Reflected Cross-site scripting) attack.
Configurations

Configuration 1 (hide)

cpe:2.3:a:openfind:mail2000:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:55

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.1
v2 : unknown
v3 : 5.4
References () https://www.twcert.org.tw/tw/cp-132-7158-751a6-1.html - Third Party Advisory () https://www.twcert.org.tw/tw/cp-132-7158-751a6-1.html - Third Party Advisory

09 Jun 2023, 18:14

Type Values Removed Values Added
References (MISC) https://www.twcert.org.tw/tw/cp-132-7158-751a6-1.html - (MISC) https://www.twcert.org.tw/tw/cp-132-7158-751a6-1.html - Third Party Advisory
CVSS v2 : unknown
v3 : 5.4
v2 : unknown
v3 : 6.1
First Time Openfind
Openfind mail2000
CPE cpe:2.3:a:openfind:mail2000:*:*:*:*:*:*:*:*

02 Jun 2023, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-02 11:15

Updated : 2024-11-21 07:55


NVD link : CVE-2023-28705

Mitre link : CVE-2023-28705

CVE.ORG link : CVE-2023-28705


JSON object : View

Products Affected

openfind

  • mail2000
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')