PRIOn knowledge basePRION:CVE-2019-15071Cross site scripting
0.006 Low
EPSS
Percentile
79.2%
The “/cgi-bin/go” page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations, companies and universities.
References
gist.github.com/chtsecurity/21119b393640bea1d010ab9e3bee216d
gist.github.com/tonykuo76/95638395e0c83e68dbd3db0fa0184e27
tvn.twcert.org.tw/taiwanvn/TVN-201909001
www.chtsecurity.com/download/5011077112c76fb73f82d7eeb2b41b3bcd06c5037be242fec7b185603ca52dc1.txt
www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-004.pdf
www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-005.pdf
www.openfind.com.tw/taiwan/resource.html
www.twcert.org.tw/en/cp-128-3085-45bda-2.html
Related
