[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195521

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2019-15071Date: (C)2019-11-20   (M)2023-12-22


The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations, companies and universities.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 6.1CVSS Score : 4.3
Exploit Score: 2.8Exploit Score: 8.6
Impact Score: 2.7Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: REQUIREDConfidentiality: NONE
Scope: CHANGEDIntegrity: PARTIAL
Confidentiality: LOWAvailability: NONE
Integrity: LOW 
Availability: NONE 
  
Reference:
https://gist.github.com/chtsecurity/21119b393640bea1d010ab9e3bee216d
https://gist.github.com/tonykuo76/95638395e0c83e68dbd3db0fa0184e27
https://tvn.twcert.org.tw/taiwanvn/TVN-201909001
https://www.chtsecurity.com/download/5011077112c76fb73f82d7eeb2b41b3bcd06c5037be242fec7b185603ca52dc1.txt
https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-004.pdf
https://www.openfind.com.tw/taiwan/download/m2k/patch/Openfind_OF-ISAC-19-005.pdf
https://www.openfind.com.tw/taiwan/resource.html
https://www.twcert.org.tw/en/cp-128-3085-45bda-2.html

CWE    1
CWE-79

© SecPod Technologies