Unrated severityNVD Advisory· Published Jul 15, 2024· Updated Aug 1, 2024

Openfind Mail2000 - Stored XSS

CVE-2024-6740

Description

Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks.

Affected products

Openfind/Mail2000llm-fuzzy3 versions
(expand)+ 2 more
- (no CPE)
- (no CPE)range: all
- (no CPE)range: all

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdfmitrevendor-advisory
www.twcert.org.tw/en/cp-139-7939-3423f-2.htmlmitrethird-party-advisory
www.twcert.org.tw/tw/cp-132-7938-d9c97-1.htmlmitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000