CVE-2023-28705 (mail2000)

Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it triggers an XSS (Reflected Cross-site scripting) attack.

access attack characters content filtering cross-site cve email emails exploit function javascript malicious phishing phishing emails scripting special system vulnerability web xss