An ECCS user pointed out on March, 2019 that the following vulnerability was found in the web interface of MailSuite provided by QUALITIA, used for MailHosting services and ECCS Staff Emails.
We have confirmed the vulnerability, which occurs when users execute the malicious script mounted in a URL in the email text, causing random JavaScript program runs unexpectedly. We had already modified the system as of May, 2019, but have modified it once again in September, 2019 shortly after a similar vulnerability was found. We have confirmed that no malicious operations using the above-mentioned vulnerability have been carried out after checking the operation logs.
We deeply apologize to all users for any inconvenience this may have caused, and for the late announcement, delayed until after we had finished the countermeasures for other websites using the same software.