CVE-2023-28705: XSS
First published: Fri Jun 02 2023(Updated: )
Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it triggers an XSS (Reflected Cross-site scripting) attack.
Credit: twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openfind Mail2000 | <8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-28705.
What is the title of the vulnerability?
The title of the vulnerability is 'Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function'.
How does this vulnerability occur?
This vulnerability occurs due to insufficient filtering of special characters in the email content of Openfind Mail2000's content filtering function.
What is the impact of this vulnerability?
The impact of this vulnerability is that a remote attacker can exploit it using phishing emails containing malicious web pages injected with JavaScript.
Is there a fix available for this vulnerability?
No fix is currently available for this vulnerability. It is recommended to follow security best practices and exercise caution while accessing emails.
- collector/nvd-latest
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/openfind
- canonical/openfind mail2000