TVN ID | TVN-201909002 |
---|---|
CVE ID | CVE-2019-15072 |
Affected Products | Openfind MAIL2000 through version 6.0 and 7.0 |
Description | The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail system of governments, organizations, companies and universities. |
Solution | Update to the latest version |
Credit | Tony Kuo (CHT Security) Vtim (CHT Security) |
Public Date | 2019-11-20 |