Lucene search
K

80 matches found

Prion
Prion
added 2019/11/20 5:15 a.m.15 views

Open redirect

An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. This vulnerability affects many mail system of governments, organizations, companies and universities...

5.8CVSS6.2AI score0.01126EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2019/11/20 5:15 a.m.20 views

Cross site scripting

The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting XSS vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail system of governments, organizations, companies and universities...

4.3CVSS6.2AI score0.01516EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2019/11/20 4:16 a.m.19 views

CVE-2019-15072 Openfind MAIL2000 Webmail Post-Auth Cross-Site Scripting

The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting XSS vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail system of governments, organizations, companies and universities...

6.2AI score0.01516EPSS
Exploits0References6
CVE
CVE
added 2019/11/20 4:16 a.m.108 views

CVE-2019-15072

The CVE-2019-15072 issue affects Openfind MAIL2000 Webmail: login functionality at /cgi-bin/portal for MAIL2000 versions up to 6.0 and 7.0. The vulnerability is Cross-Site Scripting (XSS) caused by lack of proper validation of client data in the WEB application, enabling an attacker to execute ar...

6.1CVSS6.2AI score0.01516EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2019/11/20 4:16 a.m.21 views

CVE-2019-15073 Openfind MAIL2000 Webmail Pre-Auth Open Redirect

An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. This vulnerability affects many mail system of governments, organizations, companies and universities...

6.2AI score0.01126EPSS
Exploits0References6
CVE
CVE
added 2019/11/20 4:16 a.m.94 views

CVE-2019-15073

Openfind Mail2000 Webmail Open Redirect (CVE-2019-15073). Affected: Mail2000 Webmail versions 6.0 and 7.0. Component: CGI endpoint /cgi-bin/go. Root cause: input validation error enabling an open redirect without authentication. Impact: vulnerable to redirection to attacker-controlled malicious s...

6.1CVSS6.2AI score0.01126EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2019/11/20 4:15 a.m.5 views

CVE-2019-15071

The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting XSS vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of...

6.1CVSS6.5AI score0.01628EPSS
Exploits0References8
NVD
NVD
added 2019/11/20 4:15 a.m.21 views

CVE-2019-15071

The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting XSS vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of...

6.1CVSS6.2AI score0.01628EPSS
Exploits0References8
Prion
Prion
added 2019/11/20 4:15 a.m.18 views

Cross site scripting

The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting XSS vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of...

4.3CVSS6.2AI score0.01628EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2019/11/20 4:6 a.m.24 views

CVE-2019-15071 Openfind MAIL2000 Webmail Pre-Auth Cross-Site Scripting

The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting XSS vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of...

6.3AI score0.01628EPSS
Exploits0References8
CVE
CVE
added 2019/11/20 4:6 a.m.89 views

CVE-2019-15071

CVE-2019-15071 affects Openfind MAIL2000 Webmail, specifically the /cgi-bin/go page in versions 6.0 and earlier and 7.0 and earlier. The root cause is a lack of proper validation of client-side data by the web application, enabling a pre-auth XSS via the ACTION parameter that can run arbitrary co...

6.1CVSS6.2AI score0.01628EPSS
Exploits0References8Affected Software1
CNVD
CNVD
added 2019/11/20 12:0 a.m.4 views

Openfind MAIL2000 /cgi-bin/portal Login Function Cross-Site Scripting Vulnerability

Openfind Mail2000 is a Web-based e-mail system. A cross-site scripting vulnerability exists in the login function of /cgi-bin/portal in Openfind Mail2000 versions 6.0 and earlier and 7.0 and earlier. The vulnerability stems from a lack of proper validation of client data by the WEB application. A...

6.1CVSS6.4AI score0.01516EPSS
Exploits0References1
CNVD
CNVD
added 2019/11/20 12:0 a.m.2 views

Openfind Mail2000 Open Redirect Vulnerability

Openfind Mail2000 is a Web-based e-mail system. An input validation error vulnerability exists in the '/cgi-bin/go' page in Openfind Mail2000 versions 6.0 and earlier and 7.0 and earlier. The vulnerability stems from a network system or product that does not properly validate incoming data. An...

6.1CVSS6.8AI score0.01126EPSS
Exploits0References1
CNVD
CNVD
added 2019/11/20 12:0 a.m.2 views

Openfind Mail2000 /cgi-bin/go page cross-site scripting vulnerability

Openfind Mail2000 is a Web-based e-mail system. A cross-site scripting vulnerability exists in the /cgi-bin/go page in Openfind MAIL2000 versions 6.0 and earlier and 7.0 and earlier. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker c...

6.1CVSS6.3AI score0.01628EPSS
Exploits0References1
CNVD
CNVD
added 2019/06/20 12:0 a.m.2 views

Openfind Mail2000 Cross-Site Scripting Vulnerability

Openfind Mail2000 is a Web-based e-mail system. A cross-site scripting vulnerability exists in Webmail in Openfind Mail2000 v6. The vulnerability stems from a lack of proper validation of client data by the web application. An attacker can exploit this vulnerability to execute client-side code...

6.1CVSS6.4AI score0.01214EPSS
Exploits1References1
NVD
NVD
added 2019/06/19 6:15 p.m.14 views

CVE-2019-9763

An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an 'object data="data:text/html' substring in an e-mail message The vendor subsequently patched this...

6.1CVSS6AI score0.01214EPSS
Exploits1References3
OSV
OSV
added 2019/06/19 6:15 p.m.4 views

CVE-2019-9763

An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an 'object data="data:text/html' substring in an e-mail message The vendor subsequently patched this...

6.1CVSS5.8AI score0.01214EPSS
Exploits1References3
Prion
Prion
added 2019/06/19 6:15 p.m.21 views

Design/Logic Flaw

An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an 'object data="data:text/html' substring in an e-mail message The vendor subsequently patched this...

4.3CVSS6AI score0.01214EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2019/06/19 5:2 p.m.78 views

CVE-2019-9763

Openfind Mail2000 Webmail (versions 6.0 and 7.0) is affected by a Cross‑Site Scripting vulnerability. The root cause is insufficient validation of client data in Webmail, enabling XSS via an email containing the substring <object data="data:text/html. The vendor subsequently patched this. CVSS...

6.1CVSS6AI score0.01214EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/06/19 5:2 p.m.13 views

CVE-2019-9763

An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an 'object data="data:text/html' substring in an e-mail message The vendor subsequently patched this...

6.1AI score0.01214EPSS
Exploits1References3
Rows per page
Query Builder