CVE-2019-15071

Summary

The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations, companies and universities.

Affected Software

VendorProductVersion RangeStatus
OpenfindMAIL20006.0 < Before 20190919affected
OpenfindMAIL20007.0 < SP4 Patch 076affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References