CVE-2023-22902 MEDIUM

CVE-2023-22902: Openfind Mail2000 - XSS

Vendor Openfind

Product Mail2000

Weakness CWE-79 · XSS

Published March 27, 2023

Last update February 19, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Openfind Mail2000 file uploading function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject JavaScript, conducting an XSS attack.

Key dates

02Disclosure timeline

March 27, 2023 CVE published

February 19, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-22902

Related vulnerabilities

04Related CVE

CVE-2020-5226 Cross-site scripting in SimpleSAMLphp CVE-2026-33517 MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation CVE-2025-23535 WordPress REAL WordPress Sidebar plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability CVE-2025-5844 Radius Blocks <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via subHeadingTagName Parameter CVE-2024-10242 Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 API Manager Allows UI Modification and Redirection

Identifiers

CVE CVE-2023-22902

CWE CWE-79

CVSS 5.4 / MEDIUM

Affected versions

Vendor Openfind

Product Mail2000

Affected 7

Vendor Openfind

Product Mail2000

Affected 8