Back to search
CVE-2019-15072
Published: Nov 20, 2019
Modified: Sep 17, 2024
PUBLISHED
Description
The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail system of governments, organizations, companies and universities.
| Vendor | Product | Versions |
|---|---|---|
Openfind | MAIL2000 | affected 6.0 - < Before 20190919affected 7.0 - < SP4 Patch 076 |
Weaknesses (CWE)
References
https://www.openfind.com.tw/taiwan/resource.html
x_refsource_CONFIRM
https://gist.github.com/chtsecurity/b3396500d4686ad47fb26f64967ef24a
x_refsource_CONFIRM
https://gist.github.com/tonykuo76/5bf1ac369d953d5276afe0a2d04c2147
x_refsource_CONFIRM
https://tvn.twcert.org.tw/taiwanvn/TVN-201909002
x_refsource_CONFIRM
https://www.twcert.org.tw/en/cp-128-3086-ff35d-2.html
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now