go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Openfind MAIL2000 Webmail Post-Auth Cross-Site Scripting

TVN ID TVN-201909002
CVE ID CVE-2019-15072
Affected Products Openfind MAIL2000 through version 6.0 and 7.0
Description The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail system of governments, organizations, companies and universities.
Solution Update to the latest version
Credit Tony Kuo (CHT Security)
Vtim (CHT Security)
Public Date 2019-11-20

Links

  1. CVE-2019-15072
Top