Cross-Site Scripting (XSS) Vulnerability in MAIL2000 Versions 6.0 and 7.0 Allows Arbitrary Code Execution

CVE-2019-15071 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations, companies and universities.

Learn more about our User Device Pen Test.