Skip to main content

Mail2000

11 CVEs product

Monthly

CVE-2024-6741 MEDIUM POC This Month

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mail2000
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-6740 MEDIUM POC This Month

Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail2000
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-5400 HIGH This Week

Openfind Mail2000 does not properly filter parameters of specific CGI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mail2000
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-5399 HIGH This Week

Openfind Mail2000 does not properly filter parameters of specific API. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mail2000
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-28705 MEDIUM This Month

Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mail2000
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-22902 MEDIUM This Month

Openfind Mail2000 file uploading function has insufficient filtering for user input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mail2000
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2020-12776 HIGH This Week

Openfind Mail2000 contains Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mail2000
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2019-15073 MEDIUM This Month

An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Mail2000
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-15072 MEDIUM This Month

The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Mail2000
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2019-15071 MEDIUM This Month

The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Mail2000
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2019-9763 MEDIUM POC This Month

An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail2000
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
EPSS 1% CVSS 5.3
MEDIUM POC This Month

Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mail2000
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail2000
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Openfind Mail2000 does not properly filter parameters of specific CGI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mail2000
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Openfind Mail2000 does not properly filter parameters of specific API. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mail2000
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mail2000
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Openfind Mail2000 file uploading function has insufficient filtering for user input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mail2000
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Openfind Mail2000 contains Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mail2000
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Mail2000
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM This Month

The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Mail2000
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM This Month

The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Mail2000
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail2000
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy