Openfind: Security Vulnerabilities
The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations, companies and universities.
CVSS Score
6.1
EPSS Score
0.01
Published
2019-11-20
An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an '<object data="data:text/html' substring in an e-mail message (The vendor subsequently patched this).
CVSS Score
6.1
EPSS Score
0.004
Published
2019-06-19
Page 2