Vulnerability Description
The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via the ACTION parameter without authentication. The code can be executed for any user accessing the page. This vulnerability affects many mail systems of governments, organizations, companies and universities.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openfind | Mail2000 | >= 6.0, <= 7.0 |
References
- https://gist.github.com/chtsecurity/21119b393640bea1d010ab9e3bee216d (Third Party Advisory)
- https://gist.github.com/tonykuo76/95638395e0c83e68dbd3db0fa0184e27 (Third Party Advisory)
- https://tvn.twcert.org.tw/taiwanvn/TVN-201909001 (Third Party Advisory)
- https://www.chtsecurity.com/download/5011077112c76fb73f82d7eeb2b41b3bcd06c5037be (Third Party Advisory)
- https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-004.pd
- https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-005.pd
- https://www.openfind.com.tw/taiwan/resource.html (Product, Vendor Advisory)
- https://www.twcert.org.tw/en/cp-128-3085-45bda-2.html (Third Party Advisory)
FAQ
What is CVE-2019-15071?
CVE-2019-15071 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via the ACTION parameter without authentication. The cod...
How severe is CVE-2019-15071?
CVE-2019-15071 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-15071?
Check the references section above for vendor advisories and patch information. Affected products include: Openfind Mail2000.