Cross-Site Scripting (XSS) Vulnerability in MAIL2000 Login Feature

Cross-Site Scripting (XSS) Vulnerability in MAIL2000 Login Feature

CVE-2019-15072 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail system of governments, organizations, companies and universities.

Learn more about our Web Application Penetration Testing UK.