2 matches found
CVE-2019-15072
The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting XSS vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail system of governments, organizations, companies and universities...
Openfind MAIL2000 /cgi-bin/portal Login Function Cross-Site Scripting Vulnerability
Openfind Mail2000 is a Web-based e-mail system. A cross-site scripting vulnerability exists in the login function of /cgi-bin/portal in Openfind Mail2000 versions 6.0 and earlier and 7.0 and earlier. The vulnerability stems from a lack of proper validation of client data by the WEB application. A...