[Vulnerability Alert] Security Flaw in Third-Party Tool Used by Openfind May Lead to XSS Attacks

Subject： [Vulnerability Alert] Security Flaw in Third-Party Tool Used by Openfind May Lead to XSS Attacks

Content：

• Forwarded from Taiwan Computer Emergency Response Team / Coordination Center (TWCERTCC-200-202508-00000018)
  • Recently, Openfind's Email Threat Lab discovered a security vulnerability in a third-party tool used in the MailGates / MailAudit systems during access log analysis. Attackers have successfully exploited this vulnerability through XSS (Cross-Site Scripting) attacks, which may result in user data leakage and unauthorized access to the file system.
  • Openfind has updated the affected third-party module versions and released a security patch. Users are advised to update as soon as possible.
• Affected Platforms:
  MailGates 5.0/6.0, MailAudit 5.0/6.0
• Recommended Actions:
  • For MailGates / MailAudit Standard Edition, please go to the [Online Update] page:
    • Version 6.0: Update patches sequentially to 6.1.9.050
    • Version 5.0: Update patches sequentially to 5.2.10.097

• Reference:
  • Openfind_OF-ISAC-25-002 https://www.openfind.com.tw/taiwan/download/Openfind_OF-ISAC-25-002.pdf

計算機與通訊中心
網路系統組 敬啟