Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto://
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35789