Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown
Openfind MAIL2000 Webmail Pre-Auth Cross-Site Scripting
Disclosure Date: November 20, 2019 (last updated November 27, 2024)
The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations, companies and universities.
0