Medium severity6.1NVD Advisory· Published Nov 20, 2019· Updated Jun 17, 2026
CVE-2019-15071
CVE-2019-15071
Description
The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations, companies and universities.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
8- gist.github.com/chtsecurity/21119b393640bea1d010ab9e3bee216dnvdThird Party Advisory
- gist.github.com/tonykuo76/95638395e0c83e68dbd3db0fa0184e27nvdThird Party Advisory
- tvn.twcert.org.tw/taiwanvn/TVN-201909001nvdThird Party Advisory
- www.chtsecurity.com/download/5011077112c76fb73f82d7eeb2b41b3bcd06c5037be242fec7b185603ca52dc1.txtnvdThird Party Advisory
- www.openfind.com.tw/taiwan/resource.htmlnvdProductVendor Advisory
- www.twcert.org.tw/en/cp-128-3085-45bda-2.htmlnvdThird Party Advisory
- www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-004.pdfnvd
- www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-005.pdfnvd
News mentions
0No linked articles in our index yet.