Unrated severityNVD Advisory· Published Nov 20, 2019· Updated Sep 17, 2024

Openfind MAIL2000 Webmail Pre-Auth Cross-Site Scripting

CVE-2019-15071

Description

The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations, companies and universities.

Affected products

Openfind/Mail2000cpe-rescue
Range: 6.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/chtsecurity/21119b393640bea1d010ab9e3bee216dmitrex_refsource_CONFIRM
gist.github.com/tonykuo76/95638395e0c83e68dbd3db0fa0184e27mitrex_refsource_CONFIRM
tvn.twcert.org.tw/taiwanvn/TVN-201909001mitrex_refsource_CONFIRM
www.chtsecurity.com/download/5011077112c76fb73f82d7eeb2b41b3bcd06c5037be242fec7b185603ca52dc1.txtmitrex_refsource_CONFIRM
www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-004.pdfmitrex_refsource_MISC
www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-005.pdfmitrex_refsource_MISC
www.openfind.com.tw/taiwan/resource.htmlmitrex_refsource_CONFIRM
www.twcert.org.tw/en/cp-128-3085-45bda-2.htmlmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000