CVE-2024-6740

Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openfind:mail2000:7.0:*:*:*:*:*:*:*
cpe:2.3:a:openfind:mail2000:8.0:*:*:*:*:*:*:*

History

21 Nov 2024, 09:50

Type Values Removed Values Added
References () https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf - Exploit () https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf - Exploit
References () https://www.twcert.org.tw/en/cp-139-7939-3423f-2.html - Third Party Advisory () https://www.twcert.org.tw/en/cp-139-7939-3423f-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-7938-d9c97-1.html - Third Party Advisory () https://www.twcert.org.tw/tw/cp-132-7938-d9c97-1.html - Third Party Advisory

16 Jul 2024, 18:04

Type Values Removed Values Added
References () https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf - () https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf - Exploit
References () https://www.twcert.org.tw/en/cp-139-7939-3423f-2.html - () https://www.twcert.org.tw/en/cp-139-7939-3423f-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-7938-d9c97-1.html - () https://www.twcert.org.tw/tw/cp-132-7938-d9c97-1.html - Third Party Advisory
Summary
  • (es) Mail2000 de Openfind no valida adecuadamente los archivos adjuntos de correo electrónico, lo que permite a atacantes remotos no autenticados inyectar código JavaScript dentro del archivo adjunto y realizar ataques de Cross-site Scripting Almacenado.
CPE cpe:2.3:a:openfind:mail2000:7.0:*:*:*:*:*:*:*
cpe:2.3:a:openfind:mail2000:8.0:*:*:*:*:*:*:*
First Time Openfind
Openfind mail2000

15 Jul 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-15 08:15

Updated : 2024-11-21 09:50


NVD link : CVE-2024-6740

Mitre link : CVE-2024-6740

CVE.ORG link : CVE-2024-6740


JSON object : View

Products Affected

openfind

  • mail2000
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')