CVE-2023-28705
Last modified
CVE-2023-28705 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. EPSS estimates a 0.43% chance of exploitation in the next 30 days.
Description
Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it triggers an XSS (Reflected Cross-site scripting) attack.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openfind | Mail2000 | < 8.0 |
References
- https://www.twcert.org.tw/tw/cp-132-7158-751a6-1.htmlThird Party Advisory
- https://www.twcert.org.tw/tw/cp-132-7158-751a6-1.htmlThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-28705?
How severe is CVE-2023-28705?
How do I fix CVE-2023-28705?
Are you affected by CVE-2023-28705?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST