Vulnerability Details CVE-2019-15072
The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail system of governments, organizations, companies and universities.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.6%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://gist.github.com/chtsecurity/b3396500d4686ad47fb26f64967ef24a
- https://gist.github.com/tonykuo76/5bf1ac369d953d5276afe0a2d04c2147
- https://tvn.twcert.org.tw/taiwanvn/TVN-201909002
- https://www.chtsecurity.com/download/0837ce00c27c73dd3ba3a0d4a7df3a41aaea1ac1e9831a5d61bb64ed484a3598.txt
- https://www.openfind.com.tw/taiwan/resource.html
- https://www.twcert.org.tw/en/cp-128-3086-ff35d-2.html
- https://gist.github.com/chtsecurity/b3396500d4686ad47fb26f64967ef24a
- https://gist.github.com/tonykuo76/5bf1ac369d953d5276afe0a2d04c2147
- https://tvn.twcert.org.tw/taiwanvn/TVN-201909002
- https://www.chtsecurity.com/download/0837ce00c27c73dd3ba3a0d4a7df3a41aaea1ac1e9831a5d61bb64ed484a3598.txt
- https://www.openfind.com.tw/taiwan/resource.html
- https://www.twcert.org.tw/en/cp-128-3086-ff35d-2.html