exploitDog

CVE-2023-22902

Опубликовано: 27 мар. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Openfind Mail2000 file uploading function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject JavaScript, conducting an XSS attack.

Ссылки

https://www.twcert.org.tw/tw/cp-132-6953-79236-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-6953-79236-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openfind:mail2000:7.0:*:*:*:*:*:*:*

cpe:2.3:a:openfind:mail2000:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 21%

0.00068

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-j85v-hrqj-5vp6

CVSS3: 5.4

github

почти 3 года назад

Openfind Mail2000 file uploading function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject JavaScript, conducting an XSS attack.

EPSS

Процентиль: 21%

0.00068

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79