CVE-2024-6740
published 2024-07-15CVE-2024-6740: Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and…
PriorityP425medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.50%
39.1th percentile
Openfind's Mail2000 does not properly validate email atachments, allowing unauthenticated remote attackers to inject JavaScript code within the attachment and perform Stored Cross-site scripting attacks.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openfind | mail2000 | — | — |
| openfind | mail2000 | — | — |
| openfind | mail2000_v7.0 | >= all < Patch 131 | Patch 131 |
| openfind | mail2000_v8.0 | >= all < Patch 044 | Patch 044 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdfhttps://www.twcert.org.tw/en/cp-139-7939-3423f-2.htmlhttps://www.twcert.org.tw/tw/cp-132-7938-d9c97-1.htmlhttps://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdfhttps://www.twcert.org.tw/en/cp-139-7939-3423f-2.htmlhttps://www.twcert.org.tw/tw/cp-132-7938-d9c97-1.html
2024-07-15
Published