Back to search
CVE-2019-15071
Published: Nov 20, 2019
Modified: Sep 17, 2024
PUBLISHED
Description
The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations, companies and universities.
| Vendor | Product | Versions |
|---|---|---|
Openfind | MAIL2000 | affected 6.0 - < Before 20190919affected 7.0 - < SP4 Patch 076 |
Weaknesses (CWE)
References
https://gist.github.com/tonykuo76/95638395e0c83e68dbd3db0fa0184e27
x_refsource_CONFIRM
https://www.openfind.com.tw/taiwan/resource.html
x_refsource_CONFIRM
https://gist.github.com/chtsecurity/21119b393640bea1d010ab9e3bee216d
x_refsource_CONFIRM
https://www.twcert.org.tw/en/cp-128-3085-45bda-2.html
x_refsource_CONFIRM
https://tvn.twcert.org.tw/taiwanvn/TVN-201909001
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now