80 matches found
Open redirect
An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. This vulnerability affects many mail system of governments, organizations, companies and universities...
Cross site scripting
The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting XSS vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail system of governments, organizations, companies and universities...
CVE-2019-15072 Openfind MAIL2000 Webmail Post-Auth Cross-Site Scripting
The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting XSS vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail system of governments, organizations, companies and universities...
CVE-2019-15072
The CVE-2019-15072 issue affects Openfind MAIL2000 Webmail: login functionality at /cgi-bin/portal for MAIL2000 versions up to 6.0 and 7.0. The vulnerability is Cross-Site Scripting (XSS) caused by lack of proper validation of client data in the WEB application, enabling an attacker to execute ar...
CVE-2019-15073 Openfind MAIL2000 Webmail Pre-Auth Open Redirect
An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. This vulnerability affects many mail system of governments, organizations, companies and universities...
CVE-2019-15073
Openfind Mail2000 Webmail Open Redirect (CVE-2019-15073). Affected: Mail2000 Webmail versions 6.0 and 7.0. Component: CGI endpoint /cgi-bin/go. Root cause: input validation error enabling an open redirect without authentication. Impact: vulnerable to redirection to attacker-controlled malicious s...
CVE-2019-15071
The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting XSS vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of...
CVE-2019-15071
The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting XSS vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of...
Cross site scripting
The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting XSS vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of...
CVE-2019-15071 Openfind MAIL2000 Webmail Pre-Auth Cross-Site Scripting
The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting XSS vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of...
CVE-2019-15071
CVE-2019-15071 affects Openfind MAIL2000 Webmail, specifically the /cgi-bin/go page in versions 6.0 and earlier and 7.0 and earlier. The root cause is a lack of proper validation of client-side data by the web application, enabling a pre-auth XSS via the ACTION parameter that can run arbitrary co...
Openfind MAIL2000 /cgi-bin/portal Login Function Cross-Site Scripting Vulnerability
Openfind Mail2000 is a Web-based e-mail system. A cross-site scripting vulnerability exists in the login function of /cgi-bin/portal in Openfind Mail2000 versions 6.0 and earlier and 7.0 and earlier. The vulnerability stems from a lack of proper validation of client data by the WEB application. A...
Openfind Mail2000 Open Redirect Vulnerability
Openfind Mail2000 is a Web-based e-mail system. An input validation error vulnerability exists in the '/cgi-bin/go' page in Openfind Mail2000 versions 6.0 and earlier and 7.0 and earlier. The vulnerability stems from a network system or product that does not properly validate incoming data. An...
Openfind Mail2000 /cgi-bin/go page cross-site scripting vulnerability
Openfind Mail2000 is a Web-based e-mail system. A cross-site scripting vulnerability exists in the /cgi-bin/go page in Openfind MAIL2000 versions 6.0 and earlier and 7.0 and earlier. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker c...
Openfind Mail2000 Cross-Site Scripting Vulnerability
Openfind Mail2000 is a Web-based e-mail system. A cross-site scripting vulnerability exists in Webmail in Openfind Mail2000 v6. The vulnerability stems from a lack of proper validation of client data by the web application. An attacker can exploit this vulnerability to execute client-side code...
CVE-2019-9763
An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an 'object data="data:text/html' substring in an e-mail message The vendor subsequently patched this...
CVE-2019-9763
An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an 'object data="data:text/html' substring in an e-mail message The vendor subsequently patched this...
Design/Logic Flaw
An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an 'object data="data:text/html' substring in an e-mail message The vendor subsequently patched this...
CVE-2019-9763
Openfind Mail2000 Webmail (versions 6.0 and 7.0) is affected by a Cross‑Site Scripting vulnerability. The root cause is insufficient validation of client data in Webmail, enabling XSS via an email containing the substring <object data="data:text/html. The vendor subsequently patched this. CVSS...
CVE-2019-9763
An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an 'object data="data:text/html' substring in an e-mail message The vendor subsequently patched this...