Overview :
Multiple flaws in Openfind MAIL2000 through version 6.0 and 7.0
Affected Product(s) :
  • Openfind MAIL2000 through version 6.0 and 7.0
Vulnerability Details :
CVE ID : CVE-2019-15073
An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. This vulnerability affects many mail system of governments, organizations, companies and universities.
CVE ID : CVE-2019-15072
The login feature in “/cgi-bin/portal” in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail system of governments, organizations, companies and universities.
CVE ID : CVE-2019-15071
The “/cgi-bin/go” page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations, companies and universities.

Solution :

Update to the last version