CVE-2023-22902

Published Mar 27, 2023

Last updated 2 years ago

Overview

Description: Openfind Mail2000 file uploading function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject JavaScript, conducting an XSS attack.
Source: twcert@cert.org.tw
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

twcert@cert.org.tw: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:openfind:mail2000:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1762976A-2372-49D5-BD94-77F8C0C86DC2"
          },
          {
            "criteria": "cpe:2.3:a:openfind:mail2000:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC17A2D8-B006-4738-A6CB-F6B277460B6B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References