Mailgates
Sign in to watchby Openfind
Source repositories
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-6351 | Hig | 0.49 | 7.5 | 0.00 | Apr 16, 2026 | MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files. | |
| CVE-2020-12782 | 0.01 | — | 0.07 | Jun 23, 2020 | Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files. | ||
| CVE-2024-6739 | 0.00 | — | 0.00 | Jul 15, 2024 | The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS. | ||
| CVE-2020-25849 | 0.00 | — | 0.03 | Nov 1, 2020 | MailGates and MailAudit products contain Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token. |