CVE-2024-6740

6.1 MEDIUM

📋 TL;DR

Openfind Mail2000 has a stored cross-site scripting (XSS) vulnerability in email attachment handling. Unauthenticated remote attackers can inject malicious JavaScript via attachments, which executes when victims view the attachments. This affects all Mail2000 users who process email attachments.

💻 Affected Systems

Products:
  • Openfind Mail2000
Versions: All versions before the security patch
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the webmail interface where users view email attachments.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform account takeover, redirect users to malicious sites, or deploy malware through client-side attacks.

🟠 Likely Case

Session hijacking, credential theft, or phishing attacks against users who view malicious attachments.

🟢 If Mitigated

Limited impact with proper content security policies, input validation, and user awareness training.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XSS vulnerabilities are commonly exploited; no public exploit code needed for basic attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Openfind security advisory for specific patched versions

Vendor Advisory: https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-24-007.pdf

Restart Required: Yes

Instructions:

1. Download the security patch from Openfind.
2. Apply the patch according to vendor instructions.
3. Restart Mail2000 services.
4. Verify the fix.

🔧 Temporary Workarounds

Implement Content Security Policy (scope: all)

Add CSP headers to restrict script execution from untrusted sources.

How: add a 'Content-Security-Policy' header to the web server configuration.

Disable HTML rendering for attachments (scope: all)

Configure Mail2000 to display attachments as plain text or download only.

How: configure via the Mail2000 admin interface.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block XSS payloads in attachments
  • Educate users to avoid opening suspicious attachments and use alternative email clients temporarily

🔍 How to Verify

Check if Vulnerable:

Test by uploading an attachment containing a JavaScript payload and checking whether it executes when viewed.

Check Version:

Check Mail2000 admin interface or version files in installation directory

Verify Fix Applied:

After patching, test the same XSS payload to confirm it is properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual attachment uploads, JavaScript in attachment filenames or content

Network Indicators:

  • HTTP requests with suspicious attachment parameters

SIEM Query:

search for 'attachment' AND ('script' OR 'javascript' OR 'onload' OR 'onerror') in web logs
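The SIEM query above, carried out as a small log scanner; this is an added example, not part of the original advisory or of Openfind's software. The log lines and the attachment endpoint path `/cgi-bin/attach` are constructed assumptions (Mail2000's real paths are not on this page), and the match patterns are anchored forms of the query's tokens so that harmless words such as "description" do not trigger; percent-decoding is repeated so double-encoded tokens still surface.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (not real Mail2000 logs); the third one is
# double-percent-encoded to show why decoding is repeated before matching.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jul/2024:10:01:02 +0800] "GET /cgi-bin/attach?file=description.pdf HTTP/1.1" 200 5120
10.0.0.7 - - [12/Jul/2024:10:02:15 +0800] "GET /cgi-bin/attach?file=invoice%3Cscript%3E.html HTTP/1.1" 200 812
10.0.0.9 - - [12/Jul/2024:10:03:40 +0800] "GET /cgi-bin/attach?name=x%2520onerror%253D HTTP/1.1" 200 30
10.0.0.2 - - [12/Jul/2024:10:04:01 +0800] "POST /cgi-bin/compose HTTP/1.1" 302 0
"""

# Request-line pattern for common log format: client IP, method and target.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*"')

# The page's SIEM query uses bare 'script'; these anchored forms avoid
# flagging ordinary words ("description", "subscription").
XSS_TOKENS = re.compile(r'<\s*script|javascript\s*:|\bon(?:load|error)\s*=', re.IGNORECASE)


def fully_decode(s: str, rounds: int = 3) -> str:
    """Percent-decode until stable (bounded) so double-encoded tokens surface."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def flag_attachment_requests(log_text: str, attachment_path: str = "/cgi-bin/attach") -> list[dict]:
    """Return requests to the attachment endpoint whose decoded target carries XSS tokens.

    attachment_path is an assumed value; substitute the webmail's real attachment handler.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m.group("target").startswith(attachment_path):
            continue
        decoded = fully_decode(m.group("target"))
        token = XSS_TOKENS.search(decoded)
        if token:
            hits.append({"ip": m.group("ip"), "target": m.group("target"), "token": token.group(0)})
    return hits


if __name__ == "__main__":
    for hit in flag_attachment_requests(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['token']!r} {hit['target']}")
```

Running it over the constructed log flags the two attachment requests carrying `<script` and `onerror=` and ignores the PDF and the compose request.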
