CVE-2019-15072

Summary

The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail system of governments, organizations, companies and universities.

Affected Software

VendorProductVersion RangeStatus
OpenfindMAIL20006.0 < Before 20190919affected
OpenfindMAIL20007.0 < SP4 Patch 076affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References