CVE-2019-15071
CVE-2019-15071 affects Openfind MAIL2000 Webmail, specifically the /cgi-bin/go page in versions 6.0 and earlier and 7.0 and earlier. The root cause is a lack of proper validation of client-side data by the web application, enabling a pre-auth XSS via the ACTION parameter that can run arbitrary co...