Every CVE whose affected-product data names Openfind Mail2000, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2024-5400 — CVSS 8.8 (high): Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular privileges can exploit this…
CVE-2024-5399 — CVSS 7.2 (high): Openfind Mail2000 does not properly filter parameters of specific API. Remote attackers with administrative privileges can exploit this…
CVE-2020-12776 — CVSS 6.6 (medium): Openfind Mail2000 contains Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain…
CVE-2019-15073 — CVSS 6.1 (medium): An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without…
CVE-2019-9763 — CVSS 6.1 (medium): An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an '<object data="data:text/html' substring in an…
CVE-2019-15071 — CVSS 6.1 (medium): The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of…
CVE-2024-6740 — CVSS 6.1 (medium): Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within…
CVE-2019-15072 — CVSS 6.1 (medium): The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing…
CVE-2024-6741 — CVSS 5.8 (medium): Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this…
CVE-2023-28705 — CVSS 5.4 (medium): Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can…
CVE-2023-22902 — CVSS 5.4 (medium): Openfind Mail2000 file uploading function has insufficient filtering for user input. An authenticated remote attacker with general user…