Browse all 16 CVE security advisories affecting Openfind. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Openfind is a search technology provider primarily used for enterprise search and information retrieval solutions. Historically, the product has been vulnerable to multiple remote code execution (RCE) and cross-site scripting (XSS) flaws, along with privilege escalation vulnerabilities in its administrative interfaces. Security researchers have identified consistent patterns in authentication bypass and input validation weaknesses across versions. While no major public security incidents have been widely documented, the 16 recorded CVEs indicate a history of security concerns that require regular patching and hardening of deployment environments. Organizations using Openfind should implement strict access controls and monitor for exploitation attempts of these known vulnerabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-28705 | Openfind Mail2000 - XSS (Reflected Cross-site scripting) — Mail2000CWE-79 | 5.4 | Medium | 2023-06-02 |
| CVE-2023-22902 | Openfind Mail2000 - XSS — Mail2000CWE-79 | 5.4 | Medium | 2023-03-27 |
| CVE-2020-12776 | Openfind Mail2000 - Broken Access Control — Mail2000 | 6.6 | Medium | 2020-09-01 |
| CVE-2019-15072 | Openfind MAIL2000 Webmail Post-Auth Cross-Site Scripting — MAIL2000CWE-79 | 6.1 | - | 2019-11-20 |
| CVE-2019-15073 | Openfind MAIL2000 Webmail Pre-Auth Open Redirect — MAIL2000CWE-601 | 6.1 | - | 2019-11-20 |
| CVE-2019-15071 | Openfind MAIL2000 Webmail Pre-Auth Cross-Site Scripting — MAIL2000CWE-79 | 6.1 | - | 2019-11-20 |
This page lists every published CVE security advisory associated with Openfind. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.