CVE-2019-15071

The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations, companies and universities.
Configurations

Configuration 1 (hide)

cpe:2.3:a:openfind:mail2000:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-11-20 04:15

Updated : 2024-02-04 20:39


NVD link : CVE-2019-15071

Mitre link : CVE-2019-15071

CVE.ORG link : CVE-2019-15071


JSON object : View

Products Affected

openfind

  • mail2000
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')