CVE-2019-15071
N/A
N/A
Summary
The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations, companies and universities.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Openfind | MAIL2000 | 6.0 < Before 20190919 | affected |
| Openfind | MAIL2000 | 7.0 < SP4 Patch 076 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
- https://gist.github.com/tonykuo76/95638395e0c83e68dbd3db0fa0184e27
- https://www.openfind.com.tw/taiwan/resource.html
- https://gist.github.com/chtsecurity/21119b393640bea1d010ab9e3bee216d
- https://www.chtsecurity.com/download/5011077112c76fb73f82d7eeb2b41b3bcd06c5037be242fec7b185603ca52dc1.txt
- https://www.twcert.org.tw/en/cp-128-3085-45bda-2.html
- https://tvn.twcert.org.tw/taiwanvn/TVN-201909001
- https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-004.pdf
- https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-005.pdf
References
- https://gist.github.com/tonykuo76/95638395e0c83e68dbd3db0fa0184e27
- https://www.openfind.com.tw/taiwan/resource.html
- https://gist.github.com/chtsecurity/21119b393640bea1d010ab9e3bee216d
- https://www.chtsecurity.com/download/5011077112c76fb73f82d7eeb2b41b3bcd06c5037be242fec7b185603ca52dc1.txt
- https://www.twcert.org.tw/en/cp-128-3085-45bda-2.html
- https://tvn.twcert.org.tw/taiwanvn/TVN-201909001
- https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-004.pdf
- https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-005.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.